IoCs and detection rules for the Notepad++ supply chain attack (CVE-2025-15556) — Lotus Blossom APT, June–December 2025. Includes Falcon LogScale queries, YARA/Sigma rules, and MITRE ATT&CK mapping.

The National Security Agency has released two phases of its Zero Trust Implementation Guidelines for organizations to improve their zero trust architecture.… The AHA Feb. 9 released a series of ...

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the ...

Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...

During the investigation, the unnamed hosting provider for notepad-plus-plus.org confirmed that its logs showed signs of a compromise. On Sept. 2, a server update booted the hackers out. However, they ...

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] ...

Chinese state-sponsored hackers compromised Notepad++ update infrastructure at the hosting provider level, not through vulnerabilities in the app's code itself. The espionage campaign ran from June to ...