Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...

The developer of the popular open source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025. In a ...

Malicious actors served fake Notepad++ updates via the official site from June to December 2025. Older Notepad++ versions lacked update verification, letting targets get malware—upgrade to v8.9.1.

Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today.

Notepad++ targeted in sophisticated supply-chain style attack via compromised hosting server Attackers delivered tainted updates to select victims, exploiting weak update verification controls Breach ...

The likely state-sponsored threat actor had access to the hosting provider for months and targeted only certain Notepad++ customers. Notepad++ on Monday shared additional details on the supply chain ...

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] ...

PCWorld reports that Notepad++’s WinGUp update system was compromised between June and December 2025, delivering malware through corrupted executables to targeted users. While the popular text editor ...

Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled ...

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...

The app’s servers were compromised from June through December 2025. The app’s servers were compromised from June through December 2025. is a news writer covering all things consumer tech. Stevie ...