Home / Technology / Notepad++ Hacked: Malicious Updates Delivered to Users
Notepad++ Hacked: Malicious Updates Delivered to Users
2 Feb
Summary
- Hackers compromised Notepad++ software to deliver malicious updates.
- The attack targeted users between June and December 2025.
- Chinese government hackers are suspected in the supply chain attack.
In a significant security incident that concluded in early December 2025, the popular open-source text editor Notepad++ was compromised by hackers. These attackers successfully hijacked the software's update mechanism between June and December 2025, distributing malicious updates to unsuspecting users. Security experts, analyzing the highly selective targeting, suspect involvement of hackers associated with the Chinese government.
The breach's technical details are still under investigation, but the attackers exploited a bug on a shared hosting server to redirect users to a malicious server. This allowed them to deliver tainted updates until the vulnerability was fixed in November 2025. Although the exact number of affected users remains undisclosed, the incident affected organizations with interests in East Asia, granting attackers hands-on access.
Developers have apologized and urged users to update to the latest version, which includes a fix for the exploited bug. This event draws parallels to the 2019-2020 SolarWinds breach, where Russian government hackers similarly infiltrated software updates to gain access to sensitive data.
