Notepad-Plus Fuss: Notepad++ Supply Chain Attack Analysis

This report analyzes a targeted supply-chain compromise of Notepad++ where a state-aligned actor hijacked the WinGUp updater to distribute trojanized executables (update.exe/installer_release.exe), detailing payload installation, DLL sideloading, Mark-of-the-Web bypass, timestomping, C2 behavior, CVE-2025-15556, and provided IOCs and mitigation recommendations.