Jo MommaFeb 3
David Amador
In case you missed yesterday, Notepad++ auto-update mechanism was hacked and was delivering backdoored versions for a couple months. Tons of devs use this, uninstall completely what you have, search for the sus files mentioned in article and only download from official site https://arstechnica.com/security/2026/02/notepad-updater-was-compromised-for-6-months-in-supply-chain-attack/
Notepad++ users take note: It's time to check if you're hacked

Suspected China-state hackers used update infrastructure to deliver backdoored version.

Ars Technica
Feb 3 at 9:02amWeb
Show threadDavid AmadorFeb 3
here is a deep technical dive into Notepad++ hack, including files that are identified as suspicious https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.

Rapid7
Show threadUtarg of Utarg 🔬🇪🇺🇸🇪🇬🇧🇺🇦Feb 3
@djlink Wow! That’s a big fish they landed.
Show threadWade McGillisFeb 3
@djlink FUCK