

He’s talking about a cheap NVR with PoE built in. The only thing on the network is the NVR.


Can’t tell if that would have helped
which could have allowed the malicious actors to redirect some of the traffic going to https://notepad-plus-plus.org/getDownloadUrl.php to their own servers
They could have just piped the binaries through the same server since they had this level of access. They would have had months to figure it out.


Expanding on this: the exploit was against their domain name, redirecting selected update requests away from the Notepad++ servers. The software itself didn’t validate that the domain actually points to Notepad++ servers, and the Notepad++ update servers would not see any information that would tell them what was happening.
Likely they picked some specific developers with a known public IP, and only used this to inject those specific people with malware.


At that point that bolt is getting destructively removed and replaced with a different bolt from the hardware store. Unless they have custom thread pitches, there’s going to be an easy replacement.
Edit: but I don’t own a BMW and never will; my first car was the bargainest basement commuter car and my next one will be too.