UpdateGuard

Notepad++ just got supply-chain hijacked. State hackers redirected the updater to serve backdoored binaries. Your machines auto-update dozens of apps, and every one of those update channels is a trust-me-bro handshake. If the channel gets compromised, you install malware through your own update process.

Lightweight agent that monitors your installed software updates and verifies them against known-good checksums before they run. Community hash database, fleet-wide visibility, instant alerts on mismatches. Know which machines have the compromised version — before the IOCs drop.