this post was submitted on 03 Feb 2026
23 points (100.0% liked)

Opensource

5775 readers
306 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
23
Notepad++ hijacked by state-sponsored hackers (notepad-plus-plus.org)
submitted 1 month ago by pylapp@programming.dev to c/opensource@programming.dev
5 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] artyom@piefed.social 3 points 1 month ago (2 children)

I'm so confused.

  1. It doesn't say anything about "state-sponsored attackers" outside of the headline? What state? Why?
  2. Why is a Notepad app connecting to any servers or have credentials at all?
[–] DemBoSain@midwest.social 1 points 1 month ago (1 children)

It wasn't specifically notepad++ code, but a custom-written updater. That's why it was connecting to the internet.

[–] village604@adultswim.fan 2 points 1 month ago

I mean, it is n++ code because the updater is part of the code base. They just didn't have the connection to the update server hardened.

This was patched in like December, though.