The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Summary
Kaspersky’s GReAT analysis details three infection chains used to compromise Notepad++ update infrastructure between July and October 2025. The article documents evolving payloads, network indicators, and IoCs, and provides detection guidance for organizations, including monitoring for NSIS installers and unusual DNS/C2 activity.