starkeeper 7 hours ago

What was the impact of being compromised? Were they able to inject code into releases of Notepad++?

davorak 5 hours ago | parent [-]

They were able to replace the downloaded executable with their own version. From the article:

> 2. Even though the bad actors have lost access to the server from the 2nd of September, 2025, they maintained the credentials of our internal services existing on that server until the 2nd of December, which could have allowed the malicious actors to redirect some of the traffic going to https://notepad-plus-plus.org/getDownloadUrl.php to their own servers and return the updates download URL with compromised updates.
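
A client-side check for the redirection described in the quote above, as an added example that is not part of the thread or of Notepad++'s updater. It assumes the update endpoint answers with XML carrying a `Location` element, and that the expected SHA-256 comes from a channel independent of that endpoint (for example a signed release manifest); the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: the only host this updater will download from (taken from the quote).
ALLOWED_HOSTS = frozenset({"notepad-plus-plus.org"})


def extract_location(response_xml: str) -> str:
    """Pull the download URL out of the (assumed) XML update response."""
    location = ET.fromstring(response_xml).findtext("Location")
    if not location or not location.strip():
        raise ValueError("update response carries no Location")
    return location.strip()


def location_is_trusted(url: str, allowed=ALLOWED_HOSTS) -> bool:
    """Accept only https URLs whose host exactly matches the allowlist."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False                      # no plaintext downgrade
    if parts.username or parts.password:
        return False                      # blocks trusted-name@other-host tricks
    host = (parts.hostname or "").lower().rstrip(".")
    return host in allowed                # exact match, not suffix or substring


def installer_matches(data: bytes, expected_sha256_hex: str) -> bool:
    """Compare the downloaded bytes with a digest obtained out of band."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.strip().lower())


def accept_update(response_xml: str, data: bytes, expected_sha256_hex: str) -> bool:
    """Both checks must pass: the URL catches a redirect, the digest a swapped file."""
    try:
        url = extract_location(response_xml)
    except (ET.ParseError, ValueError):
        return False
    return location_is_trusted(url) and installer_matches(data, expected_sha256_hex)


if __name__ == "__main__":
    # Constructed sample response and installer bytes, not real Notepad++ data.
    sample = "<GUP><Location>https://notepad-plus-plus.org/constructed/npp.exe</Location></GUP>"
    blob = b"constructed installer bytes"
    print(accept_update(sample, blob, hashlib.sha256(blob).hexdigest()))
```

The host allowlist alone does not cover the case where the legitimate server returns a tampered file, which is why the digest has to come from somewhere other than the update endpoint.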