How to Bury a Major Breach Notification Link
That’s because in addition to compromising the download page for this software package, the attackers also hacked the company’s software update server, meaning any company that already had the software installed prior to the site compromise would likely have automatically downloaded the compromised version when the software regularly checked for available updates (as it was designed to do).
Read all the way to the bottom for the updates. Unscrupulous at best.