EXECUTIVE SUMMARY
The threat actor Lotus Blossom has been linked to a supply-chain compromise involving the official hosting infrastructure of Notepad++. Attackers gained unauthorized access to distribution resources and leveraged the trusted platform to host or deliver maliciously modified components, exposing users to potential backdoor installation. By abusing the trust associated with a widely used open-source application, the attackers increased the likelihood of successful compromise while bypassing conventional security warnings. This incident highlights the continued targeting of software supply chains as a high-impact attack vector.
- Active Region: Global
- Affected Sector: Software Development, Enterprises, General Users
- Affected Product: Notepad++ (Official Distribution Infrastructure)
- Severity: High
- Published Date: February 16, 2026
TECHNICAL DETAILS
- Initial Compromise: Threat actors compromised the Notepad++ update infrastructure rather than the application source code itself. This is a software supply-chain attack, in which trust in a legitimate vendor distribution channel is abused instead of a software vulnerability being exploited.
- Malicious Payload Distribution: Compromised infrastructure was used to serve trojanized installers or components.
- Execution and Installation: Malicious code executed during normal……



