GNU social JP
Conversation

Notices

  1. Taggart (mttaggart@infosec.exchange)'s status on Tuesday, 03-Feb-2026 02:13:39 JST

    Notepad++ versions and update mechanisms had been compromised since September until December 2025. Please update to 8.9.1 wherever you have this tool. It's unclear what malicious versions of the tool might do. I recommend activating incident response for affected hosts.

    https://notepad-plus-plus.org/news/hijacked-incident-info-update/

    In conversation about 2 days ago from infosec.exchange permalink
    • Taggart (mttaggart@infosec.exchange)'s status on Tuesday, 03-Feb-2026 02:13:38 JST
      in reply to

      Based on release posts, impacted versions are 8.8.6, 8.8.7, and 8.8.8.

      In conversation about 2 days ago permalink
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 03-Feb-2026 02:13:38 JST
      in reply to

      @mttaggart it was any version impacted as it was the auto update process

      In conversation about 2 days ago permalink
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 03-Feb-2026 02:17:08 JST
      in reply to

      @mttaggart it was a remote access Trojan with a C2, I did a write up in December, nation state espionage stuff

      https://doublepulsar.com/small-numbers-of-notepad-users-reporting-security-woes-371d7a3fd2d9

      In conversation about 2 days ago permalink

    • Taggart (mttaggart@infosec.exchange)'s status on Tuesday, 03-Feb-2026 03:12:21 JST
      in reply to
      • Kevin Beaumont

      @GossiTheDog Right but the server was compromised between September and December, which maps to those versions. So if you're looking for potentially compromised versions, those would be the ones, right?

      In conversation about 2 days ago permalink
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 03-Feb-2026 03:12:21 JST
      in reply to

      @mttaggart no, they delivered a Trojanized executable via the update process - not a new version.

      In conversation about 2 days ago permalink
    • Taggart (mttaggart@infosec.exchange)'s status on Tuesday, 03-Feb-2026 04:19:40 JST
      in reply to
      • Kevin Beaumont

      @GossiTheDog Ah I see. So the update process didn't bump the version number?

      In conversation about 2 days ago permalink
    • Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 03-Feb-2026 04:19:40 JST
      in reply to

      @mttaggart not necessarily. It would just download any .exe you set and run it, there was no signature checking etc.

      In conversation about 2 days ago permalink
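
The thread's last point is that the updater ran whatever .exe it was handed, with no signature check. As an added example (not from the thread and not Notepad++ or updater code), this is the kind of gate an update client or a deployment script can apply before executing a downloaded installer. The function name, the file name and the pinned thumbprint are hypothetical placeholders; the real signer thumbprint must come from the vendor out of band.

```powershell
# Added example: fail closed unless a downloaded installer carries a valid
# Authenticode signature from the one signer we expect.
function Test-UpdatePackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Hypothetical parameter: SHA-1 thumbprint of the expected signing cert.
        [Parameter(Mandatory)][string]$ExpectedThumbprint
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return $false
    }

    # Record the hash first so a rejected file can still be tracked during IR.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -LiteralPath $Path

    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is rejected.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Rejected: status=$($sig.Status) sha256=$sha256 path=$Path"
        return $false
    }

    # A valid signature from an arbitrary publisher is not enough: pin the signer.
    $expected = $ExpectedThumbprint -replace '\s', ''
    $actual   = $sig.SignerCertificate.Thumbprint
    if ($actual -ne $expected) {
        Write-Warning "Rejected: unexpected signer $actual sha256=$sha256 path=$Path"
        return $false
    }
    return $true
}

# Hypothetical usage: both values below are placeholders, not real artifacts.
$pkg    = Join-Path $env:TEMP 'downloaded-update.exe'
$pinned = '<EXPECTED-SIGNER-THUMBPRINT>'

if (Test-UpdatePackage -Path $pkg -ExpectedThumbprint $pinned) {
    Start-Process -FilePath $pkg -Wait
} else {
    Write-Warning 'Update not executed; keep the file for analysis.'
}
```

Thumbprint pinning has to be updated when the vendor rotates its signing certificate, so keep the pinned value in managed configuration rather than in the script.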

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.