Notepad++ says Chinese government hackers hijacked its software updates for months

The developers behind the popular open-source text editor Notepad++ have revealed that their software was hijacked to distribute malicious updates to users for several months in 2025. In a blog post, Don Ho, the creator of Notepad++, disclosed that this cyber intrusion was likely perpetrated by hackers believed to be affiliated with the Chinese government, occurring from June to December 2025, as indicated by cybersecurity experts. Ho noted that the attack demonstrated a highly selective targeting of victims, although he did not disclose the number of affected users or organizations. The specifics surrounding the extent of the breach remain uncertain, and inquiries sent to Ho had not received a response by the time of publication. Notepad++ has been a staple in the open-source community for over twenty years, with millions of downloads, including use by numerous global organizations. Security researcher Kevin Beaumont, who initially uncovered the breach, reported that a limited number of organizations, particularly those with interests in East Asia, were compromised after users inadvertently downloaded a contaminated version of the software. Beaumont explained that this breach allowed hackers to gain direct access to the computers of those running the tampered versions of Notepad++. Ho mentioned that the method of infiltration is still being investigated but provided insights into the attack's execution. The Notepad++ website was hosted on a shared server, and the attackers specifically targeted the domain to exploit a software vulnerability, redirecting some users to a malicious server they controlled. This exploitation enabled the hackers to push harmful updates to users who sought to upgrade their software until the issue was resolved in November and their access was cut off by early December. Ho confirmed that logs indicated the hackers attempted to exploit fixed vulnerabilities but were unsuccessful after the patches were applied. In light of this incident, Ho expressed his apologies and urged users to download the latest version of Notepad++, which addresses the vulnerability. This incident echoes the notorious SolarWinds cyberattack from 2019-2020, in which Russian government hackers infiltrated the company’s systems to implant a backdoor in their software, affecting various U.S. government agencies and corporations.