Notepad++ hijacked by state-sponsored actors
3 days ago
- #software updates
- #state-sponsored hacking
- #cybersecurity
- Notepad++ was hijacked by state-sponsored hackers, likely from China, targeting update traffic.
- The attack involved infrastructure-level compromise at the hosting provider level, not Notepad++ code vulnerabilities.
- Attackers selectively redirected traffic to malicious servers from June to December 2025.
- Hosting provider took action by transferring clients to a new server and rotating credentials.
- Remediation was completed by December 2, 2025, blocking further attacker activity.
- Notepad++ enhanced security with certificate and signature verification for updates.
- The Notepad++ website was migrated to a new hosting provider with stronger security practices.