Notepad++ Update Mechanism Hijacked by State-Sponsored Actors for Six Months
Complete Cloud Security in Minutes – Orca Security
2026-02-03 03:30:30
收藏
Introduction State-sponsored attackers compromised Notepad++’s hosting infrastructure from June through December 2025, hijacking the application’s update mechanism to deliver malicious executables to selectively targeted users. The attack did not exploit a vulnerability in Notepad++ code itself but leveraged infrastructure-level access combined with insufficient update verification controls in the WinGUp updater. No CVE has been assigned. […]
The post Notepad++ Update Mechanism Hijacked by State-Sponsored Actors for Six Months appeared first on Orca Security.
目录
最新
- HackerBot-Claw: An AI-Assisted Campaign Targeting GitHub Actions Pipelines
- Post-Exploitation at Scale: The Rise of AILM
- Top 5 Takeaways from the Webinar on Agentic AI and Cloud Native Protection
- Unlocking Kubernetes Security: Insights from Our Session at SANS Kubernetes & CNAPP Forum
- Four Critical SolarWinds Serv-U RCE Flaws Enable Root Access
- The Future of AppSec: AI, Context, and Action
- Breaking: Actively Exploited Chrome Zero-Day May Impact Enterprise, Developer, and Automation Environments
- Building Application Security from the Ground Up: An Organizational Approach