Notepad++ updates got hijacked for months and could have spied for China

The developer did not specify when they became aware of the attack, but said that “all attacker access was definitively terminated” by December 2nd. The Notepad++ updater has been updated itself with ...

Hijacked Notepad++ updater quietly targeted users for months

Notepad++ is a favorite of programmers and other power users, but its auto-update function was compromised for months in 2025 ...
The Hacker News

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates, fixed in v8.8.9 ...

Notepad++ was hijacked by bad actors in 2025. Here's what you need to know.

The popular Notepad alternative was hijacked by bad actors for several months in 2025, but the latest update appears to solve the issue.

The Notepad++ website was hijacked by 'malicious actors' last year and security researchers are picking through the wreckage

It's believed that, between June and November 10/December 2, 2025 (independent security experts and its hosting provider ...
PCMag

Chinese Hackers Hit Notepad++ to Serve Malicious Update

The program is a free text and code editor that's been downloaded millions of times. The compromise began in June and is ...