Lucene search
K

107 matches found

The Hacker News
The Hacker News
added 2026/02/03 4:55 a.m.16 views

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to...

6.5AI score
Exploits0
NVD
NVD
added 2026/02/03 1:15 a.m.8 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7CVSS0.01268EPSS
Exploits0References7
CVE
CVE
added 2026/02/03 12:50 a.m.60 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9 using the WinGUp updater are affected by an update integrity verification vulnerability: downloaded update metadata and installers are not cryptographically verified. An attacker who can intercept or redirect update traffic can cause the updater to download and e...

7.7CVSS6.4AI score0.01268EPSS
In wildExploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 12:50 a.m.2 views

CVE-2025-15556 Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7CVSS6.4AI score0.01268EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:50 a.m.4 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7CVSS6.4AI score0.01268EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/03 12:50 a.m.35 views

CVE-2025-15556 Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7CVSS0.01268EPSS
Exploits0References5
Rapid7 Blog
Rapid7 Blog
added 2026/02/02 3:49 p.m.8 views

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/02 8:55 a.m.15 views

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved an infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic...

5.9AI score
Exploits0
Metasploit
Metasploit
added 2026/01/15 6:58 p.m.378 views

Notepad++ Plugin Persistence

This module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched. Module Options msf use exploit/windows/persistence/notepadppplugin msf...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/07 9:30 a.m.8 views

CVE-2019-16294

SciLexer.dll in Scintilla in Notepad++ x64 before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file...

7.8CVSS7.8AI score0.09832EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2025/12/16 12:0 a.m.4 views

Notepad++ DLL WinGUp Update Hijacking Vulnerability (Dec 2025)

Notepad++ is prone to a WinGUp update hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.7CVSS5.7AI score0.01268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.7 views

PT-2026-5735

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.8.9 Description The Notepad++ WinGUp updater has a flaw in how it verifies the integrity of updates. This allows an attacker who can intercept or redirect update traffic to cause the updater to download and execut...

7.7CVSS6.7AI score0.01268EPSS
Exploits0References47
Packet Storm
Packet Storm
added 2025/11/27 12:0 a.m.154 views

📄 Notepad++ 8.8.7 DLL Hijacking

Notepad++ version 8.8.7 DLL hijacking proof of concept exploit. ============================================================================================================================================= | Title : Notepad++ 8.8.7 Unsafe Plugin Persistence AutoLoad | | Author : indoushka | |...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/24 12:0 a.m.4 views

Notepad++ Plugin Persistence

This Metasploit module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2025/10/06 12:0 a.m.5 views

Notepad++ DLL Hijacking Vulnerability (Oct 2025)

Notepad++ is prone to a DLL hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:notepad-plus-plus:notepad++"...

8.4CVSS5.6AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31376

Malicious code in bioql PyPI...

8.4CVSS6.6AI score0.00269EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/27 12:49 a.m.7 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

8.4CVSS7.3AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.2 views

Notepad++ 安全漏洞

Notepad++ is an open source plain text editor by Don Ho, an individual developer in Taiwan, China. A security vulnerability exists in Notepad++ version 8.8.3, which originates from DLL hijacking and could lead to the execution of malicious code...

8.4CVSS6.9AI score0.00269EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/26 12:0 a.m.11 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

0.00269EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/26 12:0 a.m.3 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

6.9AI score0.00269EPSS
Exploits0References5
Rows per page
Query Builder