CSO Online

Notepad++ infrastructure hijacked by Chinese APT in sophisticated supply chain attack

The hosting provider's compromise allowed attackers to deliver malware through tainted software updates for six months.

Notepad++ updates got hijacked for months and could have spied for China

The developer did not specify when they became aware of the attack, but said that “all attacker access was definitively ...
The Register on MSN

Notepad++ hijacking blamed on Chinese Lotus Blossom crew behind Chrysalis backdoor

The group targets telecoms, critical infrastructure - all the usual high-value orgs Security researchers have attributed the ...
Dark Reading

Chinese Hackers Hijack Notepad++ Updates for 6 Months

State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious ...
Devdiscourse

Notepad++ Update Hijacked by Cyberespionage Group, Sparks Cybersecurity Alert

A Chinese-linked cyberespionage group targeted Notepad++'s update process to deploy malware. The attack from June to December 2025 selectively affected users, prompting investigations. Hosting ...
XDA Developers on MSN

Notepad++ has allegedly been spying on targeted users after a malicious update got in

The attacks came from a third-party and not from the Notepad++ team.
SecurityWeek

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

Notepad++ has shared additional details on the supply chain attack carried out by Chinese state-sponsored hackers via a ...