Notepad++ update feature hijacked by Chinese state hackers for months

progo writes:

Many IT professionals, especially system administrators and developers, use Notepad++ as their default text editor on Windows, because Windows Notepad has historically been missing critical features for power users.

Today, the Notepad++ project announced that they've discovered their update channel has been compromised by attackers since June 2025.

BleepingComputer published a report:

Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today.

The attackers intercepted and selectively redirected update requests from certain users to malicious servers, serving tampered update manifests by exploiting a security gap in the Notepad++ update verification controls.

A statement from the hosting provider for the update feature explains that the logs indicate that the attacker compromised the server with the Notepad++ update application.

External security experts helping with the investigation found that the attack started in June 2025. According the developer, the breach had a narrow targeting scope and redirected only specific users to the attacker's infrastructure.

Notepad++ is likely to be installed on any Windows-based development environment or server. There are indications that this was a targeted attack and you may not have been directly affected. This is a developing story. I recommend you follow BleepingComputer for updates.

Original Submission

Read more of this story at SoylentNews.