DigiNews

Summary

Ars Technica reports that Notepad++ update infrastructure was compromised for six months by suspected China-state hackers who intercepted and redirected updates to deliver backdoored software. The attackers exploited update-verification weaknesses and traffic interception, and researchers warn organizations to ensure they run official builds (8.8.8.8 or newer) and consider restricting updater domains in high-security environments. The article highlights supply-chain risks in popular open-source tooling and calls for stronger governance of update processes.