abadideaNotepad++'s update mechanism was compromised from June to December 2025. They believe it was a state actor practicing selective targeting and not a no-hosts-refused malware gang situation. https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Jeffrey@0xabad1dea So glad I am using VScode instead. No malicious state actors meddling with that app, just malicious corporate actors.
mer@jtig @0xabad1dea Ah you didn't hear about the MS news then ? That MS was handing over data based on court orders. So state actors just have to ask MS. Not saying its a reason to stop using it though.
@mer @0xabad1dea Not to mention, the extension marketplace is a breeding ground for malicious actors (however aligned). And the execution of scripts after trusting the repo in VSCode the OP pointed out a while ago.
Maybe VSCode isn't the right IDE either 