zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. locuso+2i[view] [source] 2026-02-02 05:12:06
>>myster+(OP)
I don't think "we" would have been impacted since this specifically targets the updates, but recently Microsoft pulled Notepad++ from the list of apps we can use on our production management laptops. Some people were annoyed and whining about this. That predated this announcement by a few weeks. Probably the right move by the security folks.
◧◩
2. hjoutf+iu[view] [source] 2026-02-02 07:35:03
>>locuso+2i
it was pulled because the binaries were self-signed for a short period, not because they knew something

who signed the binaries was irrelevant for this attack, because the issue was not checking any signature

[go to top]