Supply Chain Attacks

Notepad++ Update Hijacked by Chinese Hackers in Months-Long Compromise

During a cyberattack between June and December 2025, hackers associated with the Chinese government compromised the open-source text editor Notepad++. Exploiting a bug in the software and a shared hosting server, attackers delivered malicious updates to targeted users, including those in government, telecom, and critical infrastructure sectors. This sophisticated espionage campaign, attributed to the Lotus Blossom group, allowed hackers to gain hands-on access to victim systems until the vulnerability was patched in November. The developer has since apologized and urged users to update to the latest version.
