zlacker
[return to "Notepad++ supply chain attack breakdown"]
◧
1. Someon+Xb
[view]
[source]
2026-02-03 23:40:47
>>natebc+(OP)
I'm out of the loop: How did they bypass Notepad++'s digital signatures? I just downloaded it to double-check, and the installer is signed with a valid code-signing certificate.
◧◩
2. gruez+be
[view]
[source]
2026-02-03 23:53:06
>>Someon+Xb
The updater doesn't check the certificate of the updated installer, it just executes whatever.
[go to top]