High-Severity Vulnerability in Notepad++

https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-063
11•onlinenotepad•6h ago

Comments

reanimus•2h ago
Headline is a little misleading imo -- the vulnerability isn't in Notepad++ itself as much as its installer. Current users, I imagine, don't have anything to worry about.
notepad0x90•1h ago
Unless the updater also runs the installer, then you just drop your malicious DLL in the right place and wait for an update, or find a way to force-trigger an update.

Attackers can also use the Notepad++ installer as a payload execution mechanism. To run your malware, just get older Notepad++ installers and drop your DLL after the installer is running to run it as SYSTEM.

gertlex•2h ago
Looks like it's a vulnerability in the installer.

From a small bit of skimming, sounds like it's a user escalation vector, where a low-privileged user can run the installer in a contrived manner to achieve privilege escalation.

https://github.com/notepad-plus-plus/notepad-plus-plus/secur...

So for my personal install, nothing to worry about here...

retox•2h ago
If the problem is in the installer then this can't be 'fixed'; affected installers should be fingerprinted as malware.
notepad0x90•1h ago
I wanted to say the installer has no business running things as SYSTEM, but I suppose there is no way around that for registering COM DLLs. I would think attackers would need to chain this with a UAC bypass (or be fortunate enough to find UAC disabled). If UAC is set up right, administrative operations like regsvr32 should require going through consent.exe's prompt. UAC bypasses are plenty, but systems can be configured to mitigate them (at least the ones I know of). Social engineering is also another good way to bypass UAC.
