zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. tech23+V3[view] [source] 2026-02-02 02:39:08
>>myster+(OP)
Notably Notepad++ was recently shipping unsigned/self-signed updates, apparently overlapping with the time of this incident, see releases 8.8.2-8.8.6: https://notepad-plus-plus.org/news/
◧◩
2. bakugo+F4[view] [source] 2026-02-02 02:48:43
>>tech23+V3
So they just conveniently decided not to sign their releases right around the time they were supposedly "hacked"?

Something doesn't seem right here.

◧◩◪
3. adzm+d6[view] [source] 2026-02-02 03:04:14
>>bakugo+F4
Code signing certs are unfortunately expensive
◧◩◪◨
4. firest+58[view] [source] 2026-02-02 03:20:21
>>adzm+d6
$700+ at Sectigo for two years

Something of Notepad++ size might think about it now

◧◩◪◨⬒
5. hjoutf+tu[view] [source] 2026-02-02 07:36:22
>>firest+58
the issue was not the money, but that it was difficult to get a certificate without having some sort of legal entity
◧◩◪◨⬒⬓
6. firest+Ev[view] [source] 2026-02-02 07:51:04
>>hjoutf+tu
Certum.eu has this figured out.

https://support.certum.eu/en/code-signing-required-documents...

https://shop.certum.eu/open-source-code-signing-on-simplysig...

$49 (EU) Gross

[go to top]