A Chinese-linked cyberespionage group with a long history hijacked ⁠the update process for the popular code editing platform Notepad++ to deliver a custom backdoor and other malware to targeted users, ...

Notepad++ targeted and used to deliver poisoned updates to a select group of victims.

Notepad++ update process hijacked for targeted cyberespionage Cybersecurity firm Rapid7 links attack to Chinese group Lotus Blossom China denies involvement, citing lack of evidence Feb 2 (Reuters) - ...

Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...

Following the patching of a previously exploited security vulnerability in the update mechanism by a Notepad++ update in December, investigation results on the incidents are now available. According ...

Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today.

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...

The powerful and popular open-source text editor Notepad++ made headlines in early December, as attackers in Southeast Asia were specifically injecting malware to victims, partly due to the use of ...

When working with HTML files in Notepad++, many users expect to open the current file directly in Google Chrome or Mozilla Firefox using the Run option. However, Chrome and Firefox do not appear by ...

PSA: Notepad++ users who haven't yet updated to version 8.8.9 or later should manually download the latest installer as soon as possible. Following reports of malicious activity, a December 2025 ...