TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Security researchers attributed a Notepad++ update hijacking attack to Lotus Blossom, a Chinese state-sponsored APT group. The attackers compromised shared hosting infrastructure to selectively redirect update traffic and deliver Chrysalis, a sophisticated new backdoor. The malware uses DLL sideloading via a renamed Bitdefender binary, custom API hashing, and multiple obfuscation layers. Lotus Blossom typically targets government, telecom, aviation, and critical infrastructure organizations in Southeast Asia and Central America. Rapid7 published indicators of compromise for detection.

Notepad++ hijacking linked to Chinese Lotus Blossom crew