The Notepad++ attack and new supply-chain risks
How a trusted update channel became a threat vector, and what to do about it
Takeaways
- The compromise targeted the update delivery mechanism, not the Notepad++ application code.
- The campaign operated undetected for several months, impacting a significant number of users.
- Notepad++ has now implemented a stronger update verification process, chec...
