Users could be tricked into running arbitrary code, but the issue was patched last week.
微软近日发布了一项安全更新,修复了 Windows“记事本”应用程序中的一个高危漏洞。需注意的是,此问题与近期 Notepad++ 出现的安全事件无关。该漏洞可能被攻击者利用,在受害者计算机上远程执行恶意代码。
根据Rapid7和卡巴斯基的报告,被篡改的更新使攻击者能够投递一个此前未记录的后门程序,名为Chrysalis。这起供应链事件被跟踪为CVE标识符CVE-2025-15556(CVSS评分:7.7),已被归因于名为Lotus ...
The vulnerability comes from the way Notepad handles Markdown hyperlinks. Attackers craft malicious .md files with embedded ...
Notepad++ 8.9.2 fixes update hijack exploited to deliver malware, patches RCE flaw, and hardens WinGUp security.
据Notepad++称,该事件始于6月。共享托管服务遭到入侵直到9月2日,即使在失去访问权限后,攻击者仍保留了内部服务的凭证直到12月2日。虽然调查显示攻击于11月10日结束,但Notepad++作者写道:"我估计整个入侵期从6月持续到2025年12月2日,那时所有攻击者访问权限被彻底终止。" ...
Microsoft has patched a high-severity RCE vulnerability in the Windows 11 Notepad app that could allow attackers to silently execute malicious files ...
Morning Overview on MSN
Microsoft’s new AI Notepad just opened a terrifyingly easy hacker loophole
A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning ...
Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or ...
Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that ...
There's a remote code execution vulnerability in Notepad which is leveraged via the recently introduced formatting abilities to make tables in the app.
Windows Latest has learned that Microsoft is adding image support to Notepad on Windows 11, and sources told us that the ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果