The WinGUp updater used by Notepad++ < 8.8.9 failed to verify download signatures. Lotus Blossom replaced legit installers with Cobalt Strike + Chrysalis. Auto-update across the dev toolchain is a hidden attack surface most teams have no inventory of.
← Findings
Notepad++ update channel hijacked for six months
WinGUp updater used by Notepad++ < 8.8.9 failed to verify download signatures. Lotus Blossom replaced legit installers with Cobalt Strike + Chrysalis.