Is this surprising? My model is that keeping with the new versions is generally more dangerous than sticking with an old version, unless that old version has specific known and exploitable vulnerabilities.
One comment there points out that XP is old enough for infected attack vectors to have all died out. I dunno.
But good we are talking about my point rather than than the example.
The video referenced in that article explicitly connects directly to the internet, using a VPN to bypass any ISP and router protections and most importantly disables any protections WinXP itself has.
So yeah, if you really go out of your way to disable all security protections, you may have a problem.
"Fixed some bugs" Yes thank you very helpful that! Now I can make a very informed decision.
Love notepad++ and will continue to use it.
The threat model for a server and for a personal computer are very different. On a consumer device, typically only the OS mail app and browser have direct contact with the outside world.
My point is, statistically, it is more secure to install updates as fast as possible.
We can take another example: search for “shitrix”, there’s thousands more CVEs out there to use as example.
On the other hand, any server running old, unpatched versions of apache or similar will get picked up by script kiddies scanning for publicly known vulns very, very fast.
The notepad++ attack is politically targeted and done through unconventional channels (compromise in the hosting provider). I don't think 99% of the people reading this thread has a comparable threat model.