Dave Thornley
ⓋincentpantsOh wow. Notepad++ was hijacked by state sponsored actors. Bonkers. #infosec
https://notepad-plus-plus.org/news/hijacked-incident-info-update/
https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Stephen Murcott@vincentpants yikes not much detail on the nature of the malicious notepad++ users may be using.
Jakob Fel 
@vincentpants I'm mildly skeptical of this for one reason only: for years now, the maintainers have been dedicating their releases to various activist causes (mostly relating to foreign geopolitics). I'm not saying this didn't happen but I'm also not going to jump the gun on this claim either until more detail comes out.
Victoria🏳️⚧️@JakobFel @vincentpants what the fuck is your post even supposed to mean?
Darkoneko@vincentpants what the fffff****
mr_daemon@vincentpants The upsetting part is the absolute lack of details for users.
"Oh we fixed it sorry if you got a malicious payload lol, you're on your own to figure out whether or not you did and if so what it is"
YEA THANKS
Johann Uhrmann@vincentpants are there any IoC publicly available?
🎹 Your Masto in April 🎹@vincentpants Reason n±1 to #SwitchToLinux.
The Digital Polyglot™
ShinosarnaFor an average user Vim might as well be malware.
@mast0d0nphan @vincentpants the issue was that website was compromised and users downloaded malicious binary. You realise it can happen everywhere, right?
fabyyiola@vincentpants dang, imagine the guy that had to send the email to the customers :X
TomGwozdz@vincentpants a couple months ago, a large company I work with force removed nodepad++ from all computers in the company without saying why. I guess this explains that.
Oh wow. Notepad++ was hijacked by state sponsored actors.
the threat acotor is likely a Chinese state-sponsored group
Funny how it is always supposedly a chinese threat, despite now full fascist usa being the no 1 spying nation on the planet.
toerror@Kerplunk @vincentpants I imagine the US can use legal mechanisms to do the things they want rather than having to resort to elabourate, detectable exploits?
@Kerplunk @vincentpants I imagine the US can use legal mechanisms to do the things they want rather than having to resort to elabourate, detectable exploits?
Dream on.
Mouse@vincentpants again? must be a day ending in y
fuopy@vincentpants Can we just not have every piece of software try to connect to the internet, please? So many hobbyist and open-source projects have added auto-updaters and this story is exactly something I was worried about.
@vincentpants Can we just not have every piece of software try to connect to the internet, please? So many hobbyist and open-source projects have added auto-updaters and this story is exactly something I was worried about.
Klaus Frankagain? Or still the one from a few months ago?