New CTI Lab: Lotus Blossom Notepad ++ Campaign: Analysis

benhopkins

Immerser

2 days ago

Today, Immersive's Container 7 Research Team have released a lab covering the latest intrusion abusing the Notepad++ update pipeline by Lotus Blossom.

In January 2026, threat researchers at Rapid7 detailed a sophisticated supply chain attack targeting the Notepad++ update mechanism. Between July and October 2025, attackers compromised the project’s...

Published 2 days ago

Version 1.0

cyber threat intelligence

news & announcements

benhopkins

Immerser

Ben Hopkins currently works as a Cyber Threat Intelligence Researcher at Immersive Before working at Immersive, Ben spent 6 years as a Police Officer. He started on response, responding to 999 calls for service, such as thefts and burglaries in progress, assaults, road traffic incidents, and domestics. He then spent time working in intelligence-led policing, tackling organised criminality, modern slavery, and county lines. Ben regularly researches and investigates cybercriminals and the tooling they use. He shares this information with the cyber community through malware reports, blogs, and talks to internal stakeholders, external events, and the Human Connection Community.

View Profile

The Human Connection Blog

Learn from our experts

Blog Post

New CTI Lab: Lotus Blossom Notepad ++ Campaign: Analysis

Today, Immersive's Container 7 Research Team have released a lab covering the latest intrusion abusing the Notepad++ update pipeline by Lotus Blossom.