zlacker

[parent] [thread] 1 comments
1. wglass+(OP)[view] [source] 2026-02-02 04:13:56
Can someone help clarify this for me?

Is it correct to say that users would only get the compromised version if they downloaded from the website?

Notepad++ has auto-update feature, is there any indication that updates from the AutoUpdate were compromised?

replies(1): >>jszymb+21
2. jszymb+21[view] [source] 2026-02-02 04:26:42
>>wglass+(OP)
No, it's specifically the updates that were targetted. I'm unsure about the downloads but those too are presumably at risk.

> The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.

[go to top]