Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Blog

Byadmblake February 3, 2026

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortly

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.
The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7.
The development comes shortly

Blog

Novel Phishing Attack Combines AES With Poisoned npm Packages

Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.

Read More Novel Phishing Attack Combines AES With Poisoned npm Packages
Blog

6 AI-Related Security Trends to Watch in 2025

AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.

Read More 6 AI-Related Security Trends to Watch in 2025
Blog

‘PoisonSeed’ Attacker Skates Around FIDO Keys

Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.

Read More ‘PoisonSeed’ Attacker Skates Around FIDO Keys
Blog

AI-Powered Presentation Tool Leveraged in Phishing Attacks

Researchers at Abnormal Security said threat actors are using a legitimate presentation and graphic design tool named “Gamma” in phishing attacks.

Read More AI-Powered Presentation Tool Leveraged in Phishing Attacks
Blog

FileFix Attack Chain Enables Malicious Script Execution

By using social engineering tactics, threat actors are able to manipulate their victims into saving and renaming files that will backfire against them.

Read More FileFix Attack Chain Enables Malicious Script Execution
Blog

Android Spyware in the UAE Masquerades as … Spyware

In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app.

Read More Android Spyware in the UAE Masquerades as … Spyware

Related