Inside the EmEditor supply chain compromise
ID: f1e92311-879f-5d63-b156-e30d84c3d5e9
STIX ID: report--f1e92311-879f-5d63-b156-e30d84c3d5e9
Feed Name: ReversingLabs Blog
This technical investigation analyzes the December 2025 EmEditor software supply-chain compromise. It details how adversaries modified MSI installers (overwriting installer actions and embedding VBScript/PowerShell stagers), exposed deterministic forensic artifacts in MSI SummaryInformation, and operated reusable C2 infrastructure. The report provides hashes, domains, IPs, URLs, timeline analysis, and mitigation recommendations for early domain monitoring and build/package integrity controls.
