The popular text editor Notepad++ recently suffered a security breach that compromised its update patches for six months. Hackers gained access to the hosting server, redirecting legitimate update downloads to a malicious installer.
Key Details of the Incident:
- Timeline: The compromise occurred between June and December 2024.
- The Attack: Attackers redirected update requests to a malicious file that appeared to be a standard new release.
- Impact: A limited number of victims were targeted during the campaign.
- Current Status: The issue has been mitigated, and the servers are now secure.
Action Required:
If you use Notepad++, it is highly recommended to manually update the software to the latest version directly from the official website. This ensures you are running a clean release and overrides any potentially compromised files from the affected period.
Security researchers (via The Register) suggest verifying your installation if you updated the software during the second half of 2024.
