Thread #108042472 | Image & Video Expansion | Click to Play
>if you updated Notepad+++ anytime between now and 2025 you're computer is compromised
How do we cope with this?
250 RepliesView Thread
Showing all 250 replies.>>
>>
>>
>>
>>
>>
>>
>>
>>108042594
>shill me your open sauce alternatives /g/
srsl?
well ok. General editors (hard mode) : vim, emacs, also gvim, neovim
General editors: kate. geany is usually weaker imo. Gedit might be most weak (simple re programming).
Good IDEs and still easy to start using: qtcreator - mainly for C/C++. You can make any program in it, also terminal programs, it reads CMake files too (dont have to actually develop with Qt libs nor use qmake despite the name).
>>
>>
>>108042598
looks like it came out of windows 98, neat
>>108042610
and what if i autistically utilized notepadPP for everything? kate seems like a strong contender after all the vims
ty anons
>>
>>
>>
File: 1768264270030005.png (80.1 KB)
80.1 KB PNG
>- Notepad++ suspects it is the Chinese government
>- No evidence provided currently demonstrating why they suspect it was the Chinese government
So the schizo hijacked his own software to make a political statement.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
File: the fuck you looking at.png (317.8 KB)
317.8 KB PNG
How does someone hijack your server and you don't realize for half a year?
>>
>>
>>
>>
File: 1736661224833188.jpg (36.9 KB)
36.9 KB JPG
>>108042472
This is why I block all online functionality in apps that don't really need it. The only thing that should get through your firewall are browsers and OS updates.
>>
>>
>>
>>
>>
>>
>>
>>108043108
The fact that the dev sees his program as a platform for political bullshit is a security risk by itself because it shows a level of mental instability attached to something that you're installing on your computer.
>>
>>
>>
>>108042472
I remember that around October last year someone got access to all my accounts. All of them: banks, social media, Steam, emails, etc. Everything except things with 2FA.
I suspected that my PC was infected so I reinstalled Windows. I had absolutely no weird software on that PC, but I did have an updated version of Notepad++ and I still do.
>>
File: 1764525231934952.png (22.6 KB)
22.6 KB PNG
>>108042472
Oh no.
>>
>>108043129
>>108043159
>it's le SECURITY ISSUE because dev supports a sovereign nation that's being invaded
Oh, but I'm sure if the epstein psyop board convinced him to support pootin instead, it would be perfectly fine.
>>
>>
>>
>>
>>
>>108042472
>be retard sperging politically in updates
>people don't care and call me stupid
>idea.jpg
>add malware to my releases for a few months
>say it was ze evil chinese who did it
>say only "select individuals" were targetted so people will keep using my crapware
>profit?
>>
>do a clean install of W10 back in October last year
>download N++ from scoop
>use scoop exclusively to manage my updates, never using the in-built autoupdoot feature from N++
Am I fucked?
I'd rather not halt my work and spend an entire week doing backups/reinstalling my whole system just because this jackass couldn't keep his political opinions to himself.
>>
>>
File: notepad++.png (24.9 KB)
24.9 KB PNG
>>108042472
not my problem
>>
>>108042940
It was shared hosting infrastructure and it was actually part of the shared infra that was compromised and was chaining incoming requests meant for Notepad++'s update URL to an attacker-controlled system.
There would've been very little signals for Notepad++'s author to have been able to pick up on.
>>
>>
>>
>>
>>108042594
Why am alternative to Obsidian? I just recently started using it so genuinely curious.
Notepad++, been a long time user. I rely on its keyboard shortcuts for moving text around, it's column editor, and the many other ways it lets you control text. Also things light marking and highlighting. When I, and probably others, ask for an alternative, it needs to be really damn close.
>>
>>
>>
>>
>>
>>108042472
President Xi, My name is Ken Thompson. I am 82 years old. I live in California. My government has backdoored my compiler, and the NSA is running crypto miners even though RAM is getting more expensive. Please send Chengdu J-20 Multirole Stealth Fighter Aircraft through my Notepad++.
>>
>>
>>
File: 1754337209298621.jpg (30.5 KB)
30.5 KB JPG
Thank god I'm a lazy retard and update shit through winget
>>
>>
File: 1768762626783613.png (199.4 KB)
199.4 KB PNG
Installed it dozens of times on customers computers, always using the same installer from 2019 or so and disabling updates
>>
>>
>>
>Windows' notepad has cloud garbage and takes 5-10 seconds to open
>Subilme is abandonware that you also have to pay
>Vs Code takes 500mb of RAM an 10 seconds to open a 30kb .txt file
>Notepad++ is a security risk thanks to the Dev's retardation
is having a free, simple, lightweight text editor with markups too much to ask?
holy shit, the absolute state of fucking windows' text editors
>>
>>
>>
>>
>>
>>
File: file.png (7.1 KB)
7.1 KB PNG
>>108044096
Why though? Unironically what's the usecase? What do you actually think is going to happen?
>>
File: file.png (2.9 KB)
2.9 KB PNG
>>108042472
Did it get updates?
>>
>>108044203
>hurr durr what's the use case of updating software I'm on /g/ technology but don't understand what an update involves
Get your ritualposting retard ass out of here. This is supposed to be a board for people who have a greater grasp on technology than baby boomers who don't know how to set a timer on a VCR.
>>
File: literalchad.jpg (61.4 KB)
61.4 KB JPG
>>108043167
>>108043263
>>108044261
these. why do people update working software unless there's a bug directly impacting your experience? it's rare I've updated something and been impressed by new functionality, they usually just make shit worse.
>>
>>
>>
>>
>>108044320
Not sure why you have to seethe so hard about it. All my software works fine, it makes no sense to update until I actually run into a bug or a missing feature. Enjoy your compromised notepad++ though, I bet that new version brought plenty of exciting new features and the update was worth it
>>
>>
File: 1758579211899757.png (9.7 KB)
9.7 KB PNG
>build time: Dec 8 2025
>>
>>
File: IMG_5545.gif (98.4 KB)
98.4 KB GIF
so if I downloaded it in June from the website but never updated it what does that mean? Am I still fucked
>>
>>
>>
>>108042940
He had a website set up on some hosting provider. The hosting provider got rekt and the attackers allegedly began selectively delivering compromised updates. Now the other problem comes in, namely that older versions of Notepad++ did not verify any signatures or such on the update installer they downloaded, which then means that the targeted users just got rekt.
Making an auto-updater with no signature / validity checks of the downloaded update seems like an extremely bad practice, but as for detecting the actual compromise on the hosting provider, that seems very difficult for the dev to do. If this was actually targeted at whoever the fuck (not specified) then they would have probably not served any compromised shit to the dev himself if he tested it, so he wouldn't find out.
The big question is how the hosting provider got rekt and didn't know it.
>>
>>
>>
>>
>>108044884
>so if I downloaded it in June from the website but never updated it what does that mean? Am I still fucked
No, if you downloaded any version but never used their dumbass updater you are fine
Why the fuck would I update their software, what could possibly be of interest in the patch notes
>>
>>
>>
>>108042684
>>108043179
>>108043108
Didn't use Notepad++ because of the shitty icon/logo, the politics is just a bonus
>>
>>
>>
>>
>>108042472
So like, this only affects users who've used the updater within the program itself? I had to reinstall it around november but I went and downloaded directly from the website, no clue if I'm fucked or not
>>
>>108045154
>do i need to make my own fucking text editor wtf is this shit
Unironically, and I actually hate AI since I'm in tech and it's making people into fucking idiots, homebrewing your own text editor has never been simpler
>>
>>
>>108042995
How did you do it? My router is an old TP-Link from like 2015 and the firmware was never updated and it is notoriously unreliable so I just used my Huawei modem directly with my SIM card most of the time.
>>
>>
File: lmao.png (9.5 KB)
9.5 KB PNG
>>108044330
That's nothing babe, check this.
>>
>>108045448
that's pre-cia patch, check version 7.3.3
https://notepad-plus-plus.org/downloads/v7.3.3/
>>
>>
File: lmao.png (69.9 KB)
69.9 KB PNG
>>108045463
>>108045478
>dude just load this dll and then I can hack you!
every time...
>>
>>
File: 5ff3a9f706b5644f47fcd24cbea4e705.jpg (49.6 KB)
49.6 KB JPG
so the issue with the update.exe?
holysht glad i'm using simplewall, it probably blocked any update attempt
>>
I don't like anything about this I read their terrible typo ridden blogpost and it was all the 3rd party said this said that they fixed this they said that.
Notepad++ is run by retards that don't know shit. It will never be on any of my devices ever again. Open sores garbage strikes again.
>>
>>
File: G-q6qb-XgAABfL7.jpg (35.9 KB)
35.9 KB JPG
I updated around Jan 20 without a thought.
Am I fucked?
>>
>>108042472
> you are computer is compromised.
K bud
Anyway, only retards use notepad++ in the last 15 years. Maybe longer.
>>108042610
Don't forget bluefish
>>
>>
File: 1759435341908891.png (39.6 KB)
39.6 KB PNG
never updated, and still never will
and im not changing text editors
you cant hurt me jack
>>
File: Wise Tobacco Rat.jpg (32.9 KB)
32.9 KB JPG
>>108042472
Thankfully I'm running the 7.33 portable version.
>>
File: G_nIVXcWQAArJ3I.jpg (39.5 KB)
39.5 KB JPG
>>108045692
you're safe (if the hosting provider isn't lying)
>According to the former hosting provider, the shared hosting server was compromised until September 2, 2025. Even after losing server access, attackers maintained credentials to internal services until December 2, 2025,
>>
>>
>>
>>
>>
File: sloppad++.png (2.4 KB)
2.4 KB PNG
>>108045763
so I can just keep using the notepad++ version I already have, nothingburger except for updooters?
>>
File: t.jpg (65.9 KB)
65.9 KB JPG
>>108045818
run a scan using: bitdefender free (it's the best desu, worked on a virus i had long time ago. malwarebytes couldn't find it)
if by any chance it finds something, format
>>108045826
I moved to Kate lol not trusting noepad++ again
>>
>>
File: 1768873988563654.gif (2.7 MB)
2.7 MB GIF
>>108042472
>its another hack involving always updating
>always the dead programs that just work and never need updating
Only Indians would be upset about this.
>>
>>
>>
>>
>>
>>
>>
File: file.png (8.1 KB)
8.1 KB PNG
>>108042472
how fucked am i right now
>>
>>
>>
>>
File: file.png (30.5 KB)
30.5 KB PNG
>>108046393
>>108046438
i believe that CHINESE TAIPEI is part of CHINA, there is only one CHINA with its capital in BEIJING and its leader as XI JINPING, with CHINESE TAIPEI as a province of CHINA.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
File: baby laugh.gif (3.9 MB)
3.9 MB GIF
>>108046908
>actually falling for the shill
>>
>>
>>108046968
Oops quoted the wrong person. Meant for >>108046899
>>
>>108043274
>There would've been very little signals for Notepad++'s author to have been able to pick up on
time for him to start auto running a script that checks the hash of his internal build and the one being hosted
>>
>>108045958
no, he's right
https://semver.org/
>>
>>
>>108042472
all of us using winget to update are safe because winget downloads the latest installer from github and install on top of the already existing installation
if you updated using the automatic update from within notepad++ you were a target
what got hacked was the notepad++ updated server not github
the binaries were always on github
>>
>>
>>
>>108042472
>hmmmm that's odd, why is something trying to connect to some chink IP?
>oh well who cares, keep it blocked
adblock solves browsing the internet
a simple firewall (like, say, the aptly named simplewall) solves security
>>
>>
>>
>>
>>
>>
>>
>>
>>108042684
Holy fuck what a schizo.
What text editors/ideas are free from this political and gay bullshit. Why can't they just program apps without the need to be a fucking schizo.
Fuck i hope neovim is free of this shit, it's my goto editor atm.
>>
>>
>>
File: 1742963672438867.png (147.2 KB)
147.2 KB PNG
>>108043787
>>108047572
>winget update -all
>leave to take a shit
>>
>>
File: richard_matthew_stallman.jpg (57.5 KB)
57.5 KB JPG
>>108048282
>leave
>not sitting on a sysadmin bucket
>>>/v/
>>
>>
>>
>>108042541
>>108045277
Check your %temp% folder for the previous installers and compared the SHA256 to the ones on the official github
Strangely enough, I only had the installers for 8.8.7 and 8.8.8, but they both matched the official ones
And I don't have the %appdata%\bluetooth folder either, so I think I'm good.
>>
File: hqdefault.jpg (24.1 KB)
24.1 KB JPG
>>108042472
>june 2025
so almost certainly mossad trying to get into iranian nuclear sites again cause they used this EXACT same vector (compromised updates) to spread eternalblue and crash iranian centrifuge a few years back
>DURR ITS PROBABLY CHINA
yeah china during the 12 day war you fucking retard
>>
File: hackerman (1).jpg (1.3 MB)
1.3 MB JPG
>>108042472
I am considering right now if it is even worth it to continue using it. those updates with political messages may have doomed the software to a life of irrelevancy.
>>
>>
>>
>>
>>108046908
No, the hack doesn't prove that "I like Ukraine over the apes invading it and support Taiwan as an independent country instead of being psyop'd into thinking winnie the poo is a good leader" is a security concern. By all means, have your ideals shaped by fear like a pussy, be told who to support by the epstein-founded psyop board.
>>
>>
>>
>>
File: 1770142052.png (21.5 KB)
21.5 KB PNG
>>108042472
LIVING ON THE EDGE
>>
>>108047572
Afaik Winget just downloads the regular Notepad++ installer and executes it with silent and yes-to-all flags, which means it would install with the full default configuration, including installing the auto-updater component, which comes pre-enabled under default initial settings.
You're fucked.
>>
>>
>>108052127
i have never seen that update window
notepad++ doesnt run in the background
it doesnt have any scheduled tasks or service
you are retarded
what was compromised was their update servers which could be used to prompt the user to download the infected binaries
winget downloads the latest installer from github and runs the installer which installs on top of the already existing installation
it isnt a true package manager like the linux ones
i dont even think notepad++ has an auto updater
it automatically checks for updates and prompts the user to download it
>>
>>
For what it's worth here's a script to scan for IoCs https://github.com/CreamyG31337/chrysalis-ioc-triage
[spoiler]I'm too retarded to know how to properly run this, if someone could tell me step by step instructions because copy pasting onto powershell itself just results in an error[/spoiler]
>>
>>
>>
>>108054358
>>108054578
Sorry, I started writing that before reading all of your post. In the first line you have to replace "" with the URL you posted. To run PowerShell as admin, just type "PowerShell" into the start menu and right-click the icon when it appears. Though I can't vouch for the script itself in anyway, I don't know how those things work so I can't read through it
>>
>>108042472
> uninstalled notepad++ because of the woke ukraine retardation
> /g/ why did you do that anon? there's literally no reason to do that just use the software and ignore the politics!
I am vindicated. My IQ is triple yours.
>>
File: 1738837929863059.png (7.8 KB)
7.8 KB PNG
>>108042472
kek SublimeText wins again
>>
>>
>>
>>
File: file.png (139.6 KB)
139.6 KB PNG
>>108042684
>>
>>108055952
Why be willfully ignorant?
>>108039757
>>
>>108045185
>>108042688
Don Ho is not happy with me--that's okay, I'll still keep using his garbage.
>>
File: 1762331847311782.png (23.8 KB)
23.8 KB PNG
>>108042472
I'm in the clear
>>
>>
File: poop.png (26.5 KB)
26.5 KB PNG
>>108056293
Here is a portable version 3 build folder size.
>>
>>
>>
>>
File: 1765611718317011.png (18.7 KB)
18.7 KB PNG
>>108056293
Couple of scratch text tabs and a few small .txt files opened
>>
>>
File: 1757839161428434.png (2.4 KB)
2.4 KB PNG
am I dead?
>>
>>
>>
>>
>>
>>
>>
>>
>>
File: 1748277784180490.png (660.5 KB)
660.5 KB PNG
>>108042541
>the goys are onto us, quickly what's a convincing name for a Chinese hacker group?
>Lotus Blossom
>>
Notepad++
> only supports windows 7+
> very political comments inside software
> supports ukraine's mission to send innocent men to die for zelensky's wallet
Code::Blocks
> supports XP (and even win95 if you compile for ansi)
> so many plugins and features
> entirely scriptable, like, you can make it do anything or add menu items that'll do something
> russians and ukrainians can both work on it without hateful propaganda getting in the way
>>
File: Screenshot 2026-02-04 114823.png (24.2 KB)
24.2 KB PNG
I knew postponing all those upgrades was a good idea
>>
>>
>>
>>
>>
>>108054358
looks like im all clear?PS C:\Users\anon\Downloads\chrysalis-ioc-triage-master\chrysalis-ioc-tria ge-master\scripts> .\Check-ChrysalisIoC.ps1 [*] Checking known paths... [*] Checking mutexes... [*] Checking Run keys... [*] Checking services... ========== Summary ========== No Chrysalis IoCs detected in checked locations. Consider running with -ScanPaths to hash more directories (e.g. -ScanPaths 'C:\Users','C:\ProgramData'). Report saved: C:\Users\anon\Downloads\chrysalis-i oc-triage-master\chrysalis-ioc-tria ge-master\scripts\..\chrysalis-scan -20260204-121419.json PS C:\Users\anon\Downloads\chrysalis-i oc-triage-master\chrysalis-ioc-tria ge-master\scripts>
>>
>>
File: blue.gif (24.8 KB)
24.8 KB GIF
>>108042472
Not my fucking problem. Only retards get automatic updates.
>>108042901
Only a troll or a massive retard would answer like that.
>>
>>
>>
>>
>>108042472
>INCIDENT BEGAN JUNE 2025
When the developer let his certificate provider contract lapse.
>HOSTING INFRASTRUCTURE SAYS SEPTEMBER 2, 2025
Shortly after the developer started signing his own root certificate.
https://notepad-plus-plus.org/downloads/v8.8.3/
>Notepad++ STATES THEY BELIEVE COMPROMISE WAS JUNE THROUGH DECEMBER
The months where the certificate was lapsed and then self-signed, up until another certificate authority took over in December.
https://notepad-plus-plus.org/news/v887-released/
So lets get this straight. The developer lets his security certificates lapse over the matter of a hundred or so dollars a year, after getting nine years free. He then begins signing his own certificates rather than paying his current provider or any other provider. In the update name, he brags about it being self-signed as:
>Download Notepad++ v8.8.3 - Self-signed Certificate: Certified by Code, Not Corporations"
Literally bragging about not having a certificate authority involved. Fine. Maybe you're better at it. Lets see.
Then he gets a new provider and he calls the update "Authenticity Guaranteed"
Then in December he releases two updates:
>vulnerability-fix; and
>security enhancements
Then on February 2nd he's informed for the first time there's a security problem? And that China did it?
This smells fishy, boys.
>>
File: 1759542619194331.png (101.8 KB)
101.8 KB PNG
>>108061814
Correction: he paid for the new certificate authority in October, not December. So the timeline is
>June: notepad++ certificates expire for non-payment
>July: developer self-signs and releases update bragging about not having a certificate authority
>October: developer pays for a certificate authority out of his own pocket and brags about how authenticity is now secured
>December: developer releases a two updates titled: vulnerabilities-fix and 'security enhancements;
>February 2nd 2026, morning: developer made aware of compromise to notepad++ update system from June to December 2025
>February 2nd 2026, afternoon: developer (known to be insane) blames the Chinese government
>>
>>108042472
No issue at all.
>in linux
Kate, Kwrite, gedit, nano, vim, whatever
>in windows
Notepad2, baybee
Also, having auto-updates for programs without user confirmation should be prohibited. We already get enough shit with chrome extensions that start off good, but then get bought out and 2 years later become a botnet.
>>
A text editor has no reason to require any kind of access to the internet.
>but muh updates!
A separate updater program can take care of that.
Hopefully you have proper firewalling set up... Or just use an editor that doesn't fucking use the net.
>>
>>
File: checksum.png (44.5 KB)
44.5 KB PNG
>>108062114
update: all the Chocolatey checksums match, it's all good.
>>
File: Untitled.png (80.9 KB)
80.9 KB PNG
>>108062114
>>108062204
Package repo model of distribution has been vindicated once more. Most software shouldn't have their own mechanisms for software updooting.
>>
>>
>>108062114
package managers like winget and chocolatey downloaded the latest installer and run it to install on top of your already existing installation
windows doesnt have a "real" package manager like linux distributions because thats not how it works on windows
so as long as you didnt use the notepad++ updater you should be safe
i also always update software with winget so we should be safe
>>
File: file.png (58.9 KB)
58.9 KB PNG
>>108042762
>>
>>108050938
Certs cost like $300 a year for code signing and require annoying to set up infrastructure. I'm not surprised a lot of open source projects don't bother. It's actually cheaper and easier to do the apple code signing stuff on macOS.
>>
>>
>>108062808
You can blame him for some things. A better solution might have been
>Hey guys, we lost our certificate sponsor and I can't afford one on my own, so I'm either going to need $400 in donations or we go manual downloads only
I agree nobody should expect him to pay for everything himself. Then again there are probably a dozen or so free ways he could be securely distributing this stuff besides his own special update module.
My main point is that he doesn't seem to be completely honest with himself or with others about how this could have happened.
>>
>>108062038
>Kate, Kwrite, gedit, nano, vim, whatever
None of these fulfill the same role as notepad++. The UX of notepad++ is that you can have it open at all times on the side with many tabs. Almost like a browser without taking gigabytes of RAM.
>>
>>
File: geany.png (4.3 KB)
4.3 KB PNG
>>108062866
Geany seems to fit the bill for me, but it's clearly made with Linux in mind. Setup on Windows is kind of annoying, like having to create a settings file in AppData\Local\gtk-3.0 to get fucking dark mode
>>
>>
>>
>>108042684
Ah yes because we all know the chinese and the russians sure do keep to themselves and never hack anyone ever! They are friendly and never do anything nor would they ever do anything in favor of there own government! Please fucking kill yourself.
>>
>>
>>108042472
remember that the faggot behind notepad++ is politicaltard https://archive.is/p2saA
make of that what you will
>>
File: notepad-plus-plugins.png (26.5 KB)
26.5 KB PNG
>>108062999
>>108062878
It's not about tabs, it's about having a very small UI footprint while being interactable through the GUI
>>
>>
>>108062866
>The UX of notepad++ is that you can have it open at all times on the side with many tabs
>>108063163
>It's not about tabs
Of course. Beg my pardon.