pez

@pez@piefed.blahaj.zone

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Notepad++ Hijacked by State-Sponsored Hackers⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Thanks!
⁨Comment⁩ on ⁨Notepad++ Hijacked by State-Sponsored Hackers⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update notepad++ and move on.
⁨Comment⁩ on ⁨Notepad++ Hijacked by State-Sponsored Hackers⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Fair point. I was assuming the malicious payload would come along with an update on order to hide, but it’s also possible that the malicious payload was delivered without any update to notepad++.

I’ve not seen any IOCs published have you?
⁨Comment⁩ on ⁨Notepad++ Hijacked by State-Sponsored Hackers⁩ ⁨⁨4⁩ ⁨days⁩ ago⁩:
Looks like 8.8.1 was May 2025 https://notepad-plus-plus.org/news/v881-we-are-with-ukraine/

8.8.2 was June 2025 and has a warning to ignore “false positives” of malware in the update…. Ouch. https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/