Lotus Blossom is a apt_group tracked across 3 threat clusters and 12 intelligence report mentions on ThreatCluster. First observed February 2, 2026; most recent activity May 6, 2026.
Between June and December 2025, the Chinese state group Lotus Blossom compromised the shared hosting provider for Notepad++, redirecting update traffic to deliver malicious installers to targeted users. The attackers…
A supply chain attack has compromised the DAEMON Tools software installers, which began on April 8, 2026. Kaspersky identified that these trojanized installers, signed with legitimate digital certificates, have affected…
Notepad++ has been hijacked by state-sponsored hackers, specifically a likely Chinese threat actor. The attackers compromised the software's update mechanism between June and December 2025, allowing them to redirect…