State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious ...

The developer did not specify when they became aware of the attack, but said that “all attacker access was definitively ...

The program is a free text and code editor that's been downloaded millions of times. The compromise began in June and is ...

State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious ...

Notepad++'s updater usually pops up, but users can also prompt it by selecting the "?" dropdown in the taskbar. Christopher ...

Notepad++ has shared additional details on the supply chain attack carried out by Chinese state-sponsored hackers via a ...

Chinese state-sponsored hackers are suspected of compromising Notepad++ update infrastructure in a hosting-level breach and selectively infecting users with malware.

A months-long supply chain attack that affected the Notepad++ update process has been linked to a compromise of shared hosting infrastructure rather than a flaw in the software's code. This according ...

The recent compromise, as reported by developer Don Ho, involved an infrastructure-level breach at the hosting provider rather than any flaws within Notepad++ itself. Ho stated, "The attack involved ...

A Chinese-linked cyberespionage group named Lotus Blossom hijacked the update process of Notepad++ to target specific users. Gaining access in June 2025, they maintained control until December that ...

A Chinese-linked cyberespionage group targeted Notepad++'s update process to deploy malware. The attack from June to December 2025 selectively affected users, prompting investigations. Hosting ...

Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs - update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe - ...