Download the latest version and install that, instead of using the auto update feature of an old version that might not properly check signatures.
As for whether anything else has been compromised, it depends on whether you were targeted. And the payload might have been tailored to each target, so there's no way to know unless you have access to the exact binary. Unfortunately, binaries downloaded through the auto update feature tend not to linger in your Downloads folder.
"The security expert's analysis indicates the attack ceased on November 10, 2025, while the hosting provider's statement shows potential attacker access until December 2, 2025. Based on both assessments, I estimate the overall compromise period spanned from June through December 2, 2025, when all attacker access was definitively terminated."
Yeah, that refers to the MITM attack on the update server. We have no fucking clue what they actually did while they were in the middle - whatever exploit code was running may very well be running right now on compromised machines. Nobody knows what the compromised exes actually did.
Thanks for your nonanswer, though. It was about as unhelpful and unspecific as the original blogpost for this.
> Based on both assessments, I estimate the overall compromise period spanned from June through December 2, 2025, when all attacker access was definitively terminated.
Disable auto-updates, just like you should with every piece of software on your machine. This was the result of letting other people silently replace your programs. Don't allow that.
Centralized automatic updates, like those of a Linux distribution or Microsoft's Windows Updates, involve giving way fewer parties permission to download and run (unsigned, in the case of Notepad++ this time) code on your machine with high privileges.
And for more modern software distribution mechanisms (e.g., Nix, Guix, Flatpak), centralized package updates may not actually run any vendor code with high privileges at all.
The norm for proprietary software updates on Windows is indeed a free-for-all of every publisher downloading and running code with admin rights, and it is indeed a terrible way to operate. Avoiding that kind of madness doesn't necessarily mean running lots of old, vulnerable software.
If you're on a laptop model, you use the laptop's keyboard or mouse. I believe that for desktop models, if there is a keyboard or mouse plugged in at startup, it does not prompt.
> I believe that for desktop models, if there is a keyboard or mouse plugged in at startup, it does not prompt.
Which just underscores how ridiculous this new "security model" actually is if Apple had to put in an exception just to allow baseline required computer peripherals to work correctly.
Locally 3g was the most reliable. I think we're working backwards in accessibility of the network. It seemed just a few years ago, all we needed was a tower every so often, now we have towers and microcells. Is it a capacity issue or have we pushed into a spectrum that is more suited to dense cities rather than less dense towns?
I think capacity is a big part of it? People are consuming a lot more video at higher resolutions, so while 3G might have been fine for the time, we needed to upgrade to squeeze more bandwidth into the available spectrum. It wouldn't be so bad if phones were better at switching to the best available signal; then they could use the efficient 5G connection when it's available, but fall back to 4G when the 5G is blocked by a building or something (which I gather is more common due to the high frequencies used).
I remember in the 3G era needing an Optus "HomeZone" at our house in Australia. Only 30 minutes drive from the dead center of a capital city, but our "country town" had a single cell tower and we were on the edge of town. So we'd get a single bar indoors and 2 bars outdoors
On macOS Safari, it causes the mouse to disappear when you transition from the browser window to another screen. I can't help but wonder how much money they spent creating that nuisance.
I feel my attention at work has gotten worse, the ability to focus has decreased. Sure, part of it is caused by my phone (gotta keep the music/background noise going, oh and might as well glance at reddit) but a lot of it is being a senior engineer.
It is my place to be asked questions throughout the day and I'd rather be asked questions than not. It takes me out of the zone and sometimes it feels as though my mind is juggling 3+ tasks at once because of the questions I've been asked. I've learned through interaction with reality that some programmers need a bit more guidance when it comes to tasks: some will dig down the correct paths, some will dig down the incorrect paths, and some will just stop and wait for help (which is ok). I feel that at times I've done a poor job of guiding some people.
There have been days where I might actually start work on my individual tasks 5-6 hours into the day and staying late after everyone leaves is key to getting back in the zone and solving a problem.
There are salary discrepancies everywhere in the world. If you mean the salaries across countries, you're comparing apples and oranges. €100k in Berlin goes much further than $100k in Houston (a random big city in the US, I don't think Berlin is comparable to NYC)
The problem with that is that you end up paying everything twice because state funded healthcare sucks, the state pension sucks and the state paid ma/paternity leave is quite short.
If you're in a good tech company in Europe you generally end up having private healthcare, a private pension with employer's top up and extended ma/paternity leave.
The problem is that taxes in the USA are still fairly high and comparable to the ones in EU - you would expect some services for the amount of money you're paying.
That said, having lived in countries with state run services all my life, I don't think the solution is state run services, but cheaper private services. The problem in the USA is that governments and insurance companies inflated the cost of healthcare ridiculously.
Similarly the cost of universities in the USA has been inflated following government intervention.
Talking about state run services:
Between waiting times, poor support and the lack of competition the quality is pretty bad, despite what the state propaganda will tell you.
Having lived in the UK and in Italy I cannot but laugh hearing that NHS or the SSN are "the best healthcare systems in the world". The amount of bad experiences I had is ridiculous (some of which could have damaged my family health, had we not had the money to pursue private treatment).
Universities in Italy, which are pretty cheap at 3-4k€ per year, have several deficiencies and, despite having a handful of great professors who do it out of passion (maybe while running a profitable business on the side), it has its fair share of problems.
Not to mention the amount of freelancers in Italy who pay pension contributions every month who will never see a penny for their money.
Tech companies also pay for health insurance, sick leave, and ma/pa leave. Sure pensions aren't a big thing, but increased savings from increased salary can make up for that (not to mention 401k).
The difference: It's not up to the companies in most of western Europe. These services are guaranteed by law, and provided by the state.
>but increased savings from increased salary can make up for that (not to mention 401k).
And huge medical bills can quickly eat up even substantial savings...that doesn't happen as easily when medical services are provided by universal coverage.
Also, state guaranteed pensions aren't lost if some company in a portfolio crashes.