alt Hacker NewsCan someone help clarify this for me?
Is it correct to say that users would only get the compromised version if they downloaded from the website?
Notepad++ has auto-update feature, is there any indication that updates from the AutoUpdate were compromised?
No, it's specifically the updates that were targetted. I'm unsure about the downloads but those too are presumably at risk.
> The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.