First I thought CVE-2012-3587 was incompetence... but then seeing CVE-2012-0954 after it, I couldn't help think something more was at bay as something connected to a nation state. It does not surprise me in the least to see nation state attackers exploiting N++. Because I've also on very sensitive enterprise PAM systems in F500/research/academia, and about 10% of the time it felt like I'd see Notepad++ on internet-connected systems used for security tooling because vanilla notepad is indeed garbage. It does not surprise me at all this has been used as an attack vector.