The updater for the open-source editor Notepad++ has installed malware on PCs. An update to Notepad++ v8.8.9 corrects this.
  • lurch (he/him)@sh.itjust.worksEnglish
    3 months

    Headline seems intentionally vague. The updater was vulnerable to a download man-in-the-middle attack, because it used a weak certificate.

    • smeg@infosec.pubEnglish
      3 months

      Which requires a malicious network operator or some other kind of DNS poisoning. Not exactly a radical exploit