
88 matches found

Securelist
added 2026/02/03 8:10 a.m., 25 views

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs

UPD 11.02.2026: added recommendations on how to use the Notepad++ supply chain attack rules package in our SIEM system. Introduction: On February 2, 2026, the developers of Notepad++, a text editor popular among developers, published a statement claiming that the update infrastructure of Notepad++...

6.2 AI score
Exploits: 0
The Hacker News
added 2026/02/03 4:55 a.m., 16 views

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to...

6.5 AI score
Exploits: 0
NVD
added 2026/02/03 1:15 a.m., 6 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7 CVSS, 0.01268 EPSS
Exploits: 0, References: 7
ATTACKERKB
added 2026/02/03 12:50 a.m., 4 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7 CVSS, 6.4 AI score, 0.01268 EPSS
Exploits: 0, References: 6
Vulnrichment
added 2026/02/03 12:50 a.m., 2 views

CVE-2025-15556 Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7 CVSS, 6.4 AI score, 0.01268 EPSS
Exploits: 0, References: 5
Cvelist
added 2026/02/03 12:50 a.m., 30 views

CVE-2025-15556 Notepad++ < 8.8.9 WinGUp Updater Lacks Update Integrity Verification

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7 CVSS, 0.01268 EPSS
Exploits: 0, References: 5
CVE
added 2026/02/03 12:50 a.m., 52 views

CVE-2025-15556

Notepad++ versions prior to 8.8.9 using the WinGUp updater are affected by an update integrity verification vulnerability: downloaded update metadata and installers are not cryptographically verified. An attacker who can intercept or redirect update traffic can cause the updater to download and e...

7.7 CVSS, 6.4 AI score, 0.01268 EPSS
In wild, Exploits: 0, References: 7, Affected Software: 1
Rapid7 Blog
added 2026/02/02 3:49 p.m., 7 views

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central...

6.9 AI score
Exploits: 0
The Hacker News
added 2026/02/02 8:55 a.m., 15 views

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved an infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic...

5.9 AI score
Exploits: 0
Metasploit
added 2026/01/15 6:58 p.m., 367 views

Notepad++ Plugin Persistence

This module creates persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLLs from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched. Module Options msf use exploit/windows/persistence/notepadppplugin msf...

5.8 AI score
Exploits: 0
RedhatCVE
added 2026/01/07 9:30 a.m., 8 views

CVE-2019-16294

SciLexer.dll in Scintilla in Notepad++ x64 before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file...

7.8 CVSS, 7.8 AI score, 0.09832 EPSS
Exploits: 2, References: 1
OpenVAS
added 2025/12/16 12:0 a.m., 4 views

Notepad++ DLL WinGUp Update Hijacking Vulnerability (Dec 2025)

Notepad++ is prone to a WinGUp update hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

7.7 CVSS, 5.7 AI score, 0.01268 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/12/09 12:0 a.m., 7 views

PT-2026-5735

Name of the Vulnerable Software and Affected Versions: Notepad++ versions prior to 8.8.9. Description: The Notepad++ WinGUp updater has a flaw in how it verifies the integrity of updates. This allows an attacker who can intercept or redirect update traffic to cause the updater to download and execut...

7.7 CVSS, 6.7 AI score, 0.01268 EPSS
Exploits: 0, References: 47
Packet Storm
added 2025/11/27 12:0 a.m., 144 views

Notepad++ 8.8.7 DLL Hijacking

Notepad++ version 8.8.7 DLL hijacking proof of concept exploit. Title: Notepad++ 8.8.7 Unsafe Plugin Persistence AutoLoad. Author: indoushka...

7 AI score
Exploits: 0
Packet Storm News
added 2025/11/24 12:0 a.m., 4 views

Notepad++ Plugin Persistence

This Metasploit module creates persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLLs from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched...

6.9 AI score
Exploits: 0
OpenVAS
added 2025/10/06 12:0 a.m., 5 views

Notepad++ DLL Hijacking Vulnerability (Oct 2025)

Notepad++ is prone to a DLL hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:notepad-plus-plus:notepad++"...

8.4 CVSS, 5.6 AI score, 0.00271 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-31376

Malicious code in bioql PyPI...

8.4 CVSS, 6.6 AI score, 0.00271 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/09/27 12:49 a.m., 5 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

8.4 CVSS, 7.3 AI score, 0.00271 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/09/26 12:0 a.m., 9 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

0.00271 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2025/09/26 12:0 a.m., 3 views

CVE-2025-56383

Notepad++ v8.8.3 has a DLL hijacking vulnerability, which can replace the original DLL file to execute malicious code. NOTE: this is disputed by multiple parties because the behavior only occurs when a user installs the product into a directory tree that allows write access by arbitrary...

6.9 AI score, 0.00271 EPSS
Exploits: 0, References: 5