โŒ

Normal view

There are new articles available, click to refresh the page.
Before yesterdayMain stream

China-based espionage group compromised Notepad++ for six months

2 February 2026 at 15:48

A China-based threat group operating for almost two decades broke into the internal systems of Notepad++, an extremely popular open source-code editor, to spy on a select group of targeted users, researchers at Rapid7 said Monday.

Don Ho, the author and maintainer of the open-source tool, said independent security researchers confirmed a China state-sponsored group compromised Notepad++'s server for a six-month period starting in June 2025. Ho, who did not respond to a request for comment, released a software update Dec. 9 claiming to address authentication weaknesses that allowed attackers to hijack the Notepad++ updater client and user traffic.

The Chinese APT group Lotus Blossom, which has been active since at least 2009, gained recurring access and deployed various payloads, including a custom backdoor, to snoop on some users' activities, according to Rapid7. The espionage group is also known as Billbug, Thrip and Raspberry Typhoon.

"We have no evidence of bulk data exfiltration," Christiaan Beek, senior director of threat intelligence and analytics at Rapid7, told CyberScoop. "The tooling observed is consistent with post-compromise reconnaissance, command execution, and selective data access, rather than broad data harvesting."

The attacks, which showcased resilience and stealth tradecraft, did not result in a mass compromise of all Notepad++ users, but rather a limited number of affected environments, according to Rapid7.

"Post-compromise behavior included system profiling, persistence mechanisms, and remote command execution consistent with long-term espionage access rather than immediate disruption or monetization," Beek added. "The objective appears aligned with strategic intelligence collection, consistent with Lotus Blossom's historical operations."

The former hosting provider for Notepad++ said the attackers lost access to the tool's server on Sept. 2, but maintained legitimate credentials to internal services until Dec. 2, which allowed the attackers to redirect Notepad++ update traffic to malicious servers, Ho said in a blog post.

Ho did not say when or how they first became aware of unauthorized access to Notepad++'s systems. The website, which attackers targeted to exploit "insufficient update verification controls that existed in older versions of Notepad++," was moved to a new hosting provider with stronger security practices, Ho said in the blog post.

Beek confirmed that Lotus Blossom's unauthorized access appears to have been disrupted, noting that its known infrastructure linked to the months-long campaign is no longer active. Some security researchers started surfacing reports of incidents linked to Notepad++ in November.

While Notepad++'s internal system improvements appear to have halted the malicious activity, users running older versions of the software should still update as a precaution, Beek said. "We are not seeing ongoing active exploitation tied to this campaign."

Lotus Blossom targeted software that provided potential access to many sensitive targets. The Windows-based tool, which was first released in 2003 and typically used as an alternative to Windows Notepad, is widely used by developers, IT administrators, engineers and analysts, including some working in government, telecom, critical infrastructure and media, Beek said.

Many security researchers, analysts and users have taken their concerns to social media to warn about the potential risk of the long-term intrusion and share worries about the ultimate impact of the campaign.

"Observed activity suggests selective, targeted follow-on exploitation," Beek added, "not opportunistic mass infection."

The post China-based espionage group compromised Notepad++ for six months appeared first on CyberScoop.

Some ChatGPT browser extensions are stealing your data

By: djohnson
26 January 2026 at 14:32

ChatGPT users beware: your browser extensions could be used to steal your accounts and identity.

LayerX Research has identified at least 16 Chrome browser extensions for ChatGPT floating around the internet that promise to enhance work productivity. All show signs of being built by the same threat actor and designed for the same purpose: to pilfer account credentials.

According to security researcher Natalie Zargarov, as legitimate AI browser extensions have become more widely used, "many of these extensions mimic known brands to gain users' trust, particularly those designed to enhance interaction with large language models."

"As these extensions increasingly require deep integration with authenticated web applications, they introduce a materially expanded browser attack surface," Zargarov wrote.

That's what the threat actor appears to have done in this case. The malicious extensions do not deploy malware or attack the model directly; instead, they exploit weaknesses in the web-based authentication process used to verify ChatGPT users.

In order to work, many of these tools need access to authenticated AI sessions and high-level execution privileges within the browser itself. That combination of "high privilege, user trust and rapid adoption" makes them attractive targets to compromise for threat actors.

All but one of the extensions compromised their victims in the same way. A script injected into chatgpt.com monitors outbound requests coming from the ChatGPT web application. When a request goes out containing authorization details and the user's session token data, the malicious extension extracts the information to a remote server.

With the user's token in hand, the attackers can authenticate ChatGPT sessions under the victim's identity and access chat histories and applications that connect ChatGPT to other sensitive data sources, like Slack and GitHub.

Beyond token theft, the browser extensions also send metadata, usage telemetry and backend-issued access tokens used by the extension service to a third-party server.
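As an added illustration, not LayerX's code or part of the original article, the following Python script triages Chrome extension manifest.json files for the pattern described above: a content script injected into chatgpt.com combined with permission to contact unrelated hosts, where a captured session token could be sent. The two manifests and the collector host name are constructed samples, not real Web Store listings.

```python
"""Flag extensions that inject into chatgpt.com and may also reach other hosts.
Constructed example for triage; a hit is a signal for review, not proof."""
import json

CHATGPT_HOSTS = ("chatgpt.com", "chat.openai.com")

def host_of(pattern: str) -> str:
    """Host part of a Chrome match pattern such as 'https://*.chatgpt.com/*'
    or '*://*/*'; '<all_urls>' is treated as the wildcard host '*'."""
    if pattern == "<all_urls>":
        return "*"
    rest = pattern.split("://", 1)[1] if "://" in pattern else pattern
    return rest.split("/", 1)[0].lower()

def host_matches(pat_host: str, host: str) -> bool:
    """Chrome semantics: '*.example.com' matches example.com and subdomains."""
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def injects_into_chatgpt(manifest: dict) -> bool:
    return any(host_matches(host_of(p), h)
               for cs in manifest.get("content_scripts", [])
               for p in cs.get("matches", []) for h in CHATGPT_HOSTS)

def foreign_hosts(manifest: dict) -> list:
    """Hosts the extension may contact that are not ChatGPT itself
    (MV3 host_permissions plus MV2-style match patterns in permissions)."""
    patterns = list(manifest.get("host_permissions", [])) + [
        p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    hosts = [host_of(p) for p in patterns]
    return [h for h in hosts
            if h == "*" or not any(host_matches(h, c) for c in CHATGPT_HOSTS)]

def audit(manifest_json: str) -> dict:
    m = json.loads(manifest_json)
    injects, others = injects_into_chatgpt(m), foreign_hosts(m)
    return {"name": m.get("name", "?"), "injects_chatgpt": injects,
            "foreign_hosts": others, "suspicious": injects and bool(others)}

# Constructed sample manifests; the collector host is a placeholder.
SUSPECT = json.dumps({"name": "GPT Booster (constructed)", "manifest_version": 3,
    "permissions": ["storage", "webRequest"],
    "host_permissions": ["https://*.chatgpt.com/*", "https://collector.example.invalid/*"],
    "content_scripts": [{"matches": ["https://chatgpt.com/*"], "js": ["inject.js"]}]})
BENIGN = json.dumps({"name": "Dark theme (constructed)", "manifest_version": 3,
    "content_scripts": [{"matches": ["https://chatgpt.com/*"], "css": ["dark.css"]}]})
```

Run `audit()` over each unpacked extension's manifest.json under the browser profile to get a short list worth manual review.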

The extensions share similar codebases used across different identities, consistent publisher characteristics across multiple listings and "highly similar icons, branding and descriptions." In addition to their overlapping advertised functionality for enhancing productivity, they also displayed overlapping behaviors, such as uploading batches of extensions on the same day, synchronized updates to several extensions at once, and shared backend infrastructure and web domains.

According to Zargarov's blog, all 16 of the malicious extensions remain available on the Chrome Web Store today. CyberScoop has reached out to Google, which manages the Chrome browser, for comment.

All told, downloads have been low: about 900 total across the 16 browser extensions LayerX identified. Zargarov notes this is "a drop in the bucket" compared to other major browser extension campaigns like GhostPoster, which was downloaded more than 830,000 times, and the Roly Poly VPN extension, which had over 31,000 documented installations.

But Zargarov said that, given the increasing popularity of AI browser extensions and the evidence that other actors are targeting the same weaknesses, time is not on defenders' side.

"It just takes one iteration for a malicious extension to become popular," Zargarov wrote. "We believe that GPT optimizers will soon become as popular as (not more than) VPN extensions, which is why we prioritized the publication of this analysis. Our goal is to shut it down BEFORE it hits critical mass."

The post Some ChatGPT browser extensions are stealing your data appeared first on CyberScoop.

Are we ready for changes in tech?

17 November 2025 at 03:45
ISSUE 22.46 • 2025-11-17 ON SECURITY By Susan Bradley Since we first started using technology, we've had to deal with change. We've gone from a time where having a computer was unusual to a time where having a computer in your pocket is normal. Or nearly normal. Because businesses are facing more and more threats [...]

How to Test Adversary-in-the-Middle Without Hacking Tools

By: BHIS
24 March 2025 at 11:00

In this video, Michael Allen discusses how to test Adversary-in-the-Middle attacks without using hacking tools. He delves into the intricacies of credential harvesting, the evolution of multi-factor authentication (MFA), and how attackers adapt their strategies to bypass security measures.

The post How to Test Adversary-in-the-Middle Without Hacking Tools appeared first on Black Hills Information Security, Inc.

โŒ
โŒ