this post was submitted on 02 Feb 2026
312 points (99.4% liked)

Programming

24992 readers
638 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz
UlrikHD@programming.dev
312
Notepad++ Hijacked by State-Sponsored Hackers (notepad-plus-plus.org)
submitted 1 day ago by who@feddit.org to c/programming@programming.dev
58 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] emb@lemmy.world 21 points 21 hours ago* (last edited 17 hours ago)

Worth noting this is not a new vulnerability, it's an analysis of a vulnerability disclosed in December:

Following the security disclosure published in the v8.8.9 announcement
https://notepad-plus-plus.org/news/v889-released/
the investigation has continued in collaboration with external experts and with the full involvement of my (now former) shared hosting provider.

According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The exact technical mechanism remains under investigation, though the compromise occured at the hosting provider level rather than through vulnerabilities in Notepad++ code itself.