Notepad++ hit by suspected Chinese state-sponsored hackers - here's what we know so far

Notepad++ hit by suspected Chinese state-sponsored hackers – here’s what we know so far | Daily Reports Online

Share


  • Notepad++ targeted in sophisticated supply-chain style attack via compromised hosting server
  • Attackers delivered tainted updates to select victims, exploiting weak update verification controls
  • Breach lasted from June to December 2025, likely tied to Chinese state-sponsored actors, prompting migration to new hosting and hardened update verification

Notepad++ has confirmed it was the victim of a highly targeted and sophisticated cyberattack, most likely conducted by a Chinese state-sponsored threat actor.


In a security notice published on the project’s website, the company explained attackers managed to compromise the shared hosting provider’s server, and used it to deliver tainted updates to a handful of carefully selected victims.




Similar Posts