[return to "Notepad++ supply chain attack breakdown"]
1. troad+P8 2026-02-03 23:25:32
>>natebc+(OP)
It now seems to be best practice to simultaneously keep things updated (to avoid newly discovered vulnerabilities), but also not update them too much (to avoid supply chain attacks). Honestly not sure how I'm meant to action those at the same time.
2. TingPi+Q9 2026-02-03 23:31:26
>>troad+P8
I feel like supply chain attacks are the much rarer situation than real-world exploits but I don’t have numbers.
3. krater+rb 2026-02-03 23:39:06
>>TingPi+Q9
Supply chain attacks have an impact on more systems, so it's more likely that your system is one of them. Opening a poisoned text file that contains an exploit that attacks your text editor and exactly fits your version is a rare event compared to automatically contacting a server to ask for an executable to execute without asking you.