Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

abadidea @0xabad1dea@infosec.exchange

2/2/2026, 8:27:04 AM

Public

Notepad++'s update mechanism was compromised from June to December 2025. They believe it was a state actor practicing selective targeting and not a no-hosts-refused malware gang situation. https://notepad-plus-plus.org/news/hijacked-incident-info-update/

Notepad++ Hijacked by State-Sponsored Hackers | Notepad++

notepad-plus-plus.org

abadidea @0xabad1dea@infosec.exchange

2/2/2026, 4:06:47 PM

Public

Interestingly, @GossiTheDogKevin Beaumont was pretty on top of this in December weeks before Notepad++ formally disclosed. I agree with the assessment that, while Notepad++’s update situation was a little shaky, fundamentally it wasn’t gross negligence on their part but attracting powerful attention. (The developer is very openly pro-Taiwan and pro-Ukraine, and the state actors may have reasoned it was a good way to gain access to orgs with aligned views)

https://cyberplace.social/@GossiTheDog/116000636303016143

Kevin Beaumont (@GossiTheDog@cyberplace.social)

Here’s my original blog with threat hunting suggestions: https://doublepulsar.com/small-numbers-of-notepad-users-reporting-security-woes-371d7a3fd2d9 Of note - the cyber industry entirely slept through it. A cartoon porg with #GAYINT threat intelligence had to blow it up.

cyberplace.social · Cyberplace

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/0xabad1dea/statuses/116001892456495374 on your instance and quote it. (Note that quoting is not supported in Mastodon.)