US EditionNotepad++ users take note: It's time to check if you're hacked
- On Monday, Notepad++ maintainer Don Ho said suspected Chinese state-sponsored attackers hijacked the update mechanism by redirecting some users to malicious update servers.
- Investigators reported the intrusion started in June 2025, and attackers retained internal credentials until December 2, despite a temporary loss in early September.
- Security researcher Kevin Beaumont said at least three organizations with East Asia interests faced targeted Notepad++ update hijacks, leading to hands-on keyboard intrusions.
- Notepad++ migrated hosting, rotated credentials, patched vulnerabilities, and confirmed malicious activity stopped; version 8.8.9 added signature verification and version 8.9 removed the self-signed root certificate, which users were urged to remove.
- With broad attention, researchers and reporters continue to investigate Notepad++, which has tens of millions of users, drawing scrutiny from CISA and media like The Register; Kevin Beaumont praised the developer.
30 Articles
30 Articles
China-based espionage group compromised Notepad++ for six months
A China-based threat group operating for almost two decades broke into the internal systems of Notepad++, an extremely popular open source-code editor, to spy on a select group of targeted users, researchers at Rapid7 said Monday. Don Ho, the author and maintainer of the open-source tool, said independent security researchers confirmed a China state-sponsored group compromised Notepad++’s server for a six-month period starting in June 2025. Ho, …
Notepad++ updates got hijacked for months and could have spied for China
Users of the text and code editor Notepad++ may have unknowingly downloaded a malicious update for the app after its shared hosting servers were hijacked last year. On Monday, the app's developer, Don Ho, posted an update on the attack with more details, including that the hackers were "likely a Chinese state-sponsored group" and that the app's servers were vulnerable for roughly six months from June through December 2nd, 2025. The post explains…
Notepad++ users take note: It's time to check if you're hacked
Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored versions of the app to select targets, developers said Monday. “I deeply apologize to all users affected by this hijacking,” the author of a post published to the official notepad-plus-plus.org site wrote Monday. The post said that the attack began last …
Notepad++ says Chinese government hackers hijacked its software updates for months
The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software update mechanism to deliver tainted software to users for months.
PSA: Update Notepad++ to version 8.9.1 after security incident
Notepad++ reports that attackers compromised its former ISP in 2025 and redirected app update traffic to malicious servers without exploiting the editor's code itself – an incident we reported last month. The project has since migrated to a new host and strengthened update verification. Users must manually update to Notepad++ 8.9.1 to receive the latest security fixes.Read Entire Article
Coverage Details
Bias Distribution
- 75% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
