[return to "Notepad++ hijacked by state-sponsored actors"]
1. Saris+8G1 2026-02-02 16:37:30
>>myster+(OP)
I guess my habit of running a firewall and not allowing programs to access the internet unless they actually need it is helpful for stuff like this.

Absolutely no reason a text editor needs internet access.

I only update stuff through winget, which fetches the installer from GitHub in a lot of cases, and changing a package requires a PR to the winget repo AFAIK. Not foolproof of course though.

2. Pet_An+9Q1 2026-02-02 17:28:30
>>Saris+8G1
Checking for updates and pulling in plug-ins. Both are valid.
3. thegri+7O3 2026-02-03 03:42:47
>>Pet_An+9Q1
As for updates - my OS has a built-in package management system, which is responsible for installing and updating packages. Why should notepad++ bypass that and do its own independent update process?
4. marona+Fc5 2026-02-03 14:43:00
>>thegri+7O3
Because other OSs do not and the notepad++ team wants all users to have a similar experience.

If you don’t need auto updates, just disable them.

More importantly, notepad++ being able to update itself is not the exploit here. Your OS’ package manager would download the same compromised binary as notepad++’s built-in updater.