this post was submitted on 02 Feb 2026
502 points (99.4% liked)

Technology

80267 readers
3534 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
502
Notepad++ Hijacked by State-Sponsored Hackers (notepad-plus-plus.org)
submitted 2 days ago by Beep@lemmus.org to c/technology@lemmy.world
79 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Snazz@lemmy.world 2 points 1 day ago (1 children)

What was the latest version before June 2025?

[–] pez@piefed.blahaj.zone 10 points 1 day ago (1 children)

Looks like 8.8.1 was May 2025 https://notepad-plus-plus.org/news/v881-we-are-with-ukraine/

8.8.2 was June 2025 and has a warning to ignore "false positives" of malware in the update.... Ouch. https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/

[–] AceBonobo@lemmy.world 3 points 1 day ago (1 children)

You might have version 8.8.1 or lower, however it might have tried to order update got the vulnerable package instead and then remained on the older version. I think even if you have the older version that's not a sign that you weren't compromised.

[–] pez@piefed.blahaj.zone 1 points 1 day ago (1 children)

Fair point. I was assuming the malicious payload would come along with an update on order to hide, but it's also possible that the malicious payload was delivered without any update to notepad++.

I've not seen any IOCs published have you?

[–] AceBonobo@lemmy.world 1 points 8 hours ago (1 children)

I'm not sure what you mean. The article states there were remote hands on keyboard noticed in multiple companies. That's how the vulnerability was discovered.

[–] pez@piefed.blahaj.zone 1 points 2 hours ago* (last edited 1 hour ago)

I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update notepad++ and move on.

Edit: Found some! This is the type of info I was thinking of when I used IOCs

https://securelist.com/notepad-supply-chain-attack/118708/