I thought Notepad++ had been abandoned a couple years ago because parts of the update code were completely hackable.
I thought Notepad++ had been abandoned a couple years ago because parts of the update code were completely hackable.
Archive: https://archive.today/JvrTW
From the post:
>Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. The attackers intercepted and selectively redirected update requests from certain users to malicious servers, serving tampered update manifests by exploiting a security gap in the Notepad++ update verification controls. A statement from the hosting provider for the update feature explains that the logs indicate that the attacker compromised the server with the Notepad++ update application.
Archive: https://archive.today/JvrTW
From the post:
>>Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today.
The attackers intercepted and selectively redirected update requests from certain users to malicious servers, serving tampered update manifests by exploiting a security gap in the Notepad++ update verification controls.
A statement from the hosting provider for the update feature explains that the logs indicate that the attacker compromised the server with the Notepad++ update application.
You are currently inside a comment thread.
Click here to see all the comments (3).