tech

February 4, 2026

Notepad++ says Chinese government hackers hijacked its software updates for months

The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software update mechanism to deliver tainted software to users for months.

Notepad++ says Chinese government hackers hijacked its software updates for months

TL;DR

  • Notepad++ developer Don Ho confirmed a cyberattack that hijacked the software to deliver malicious updates.
  • The attack occurred between June and December 2025.
  • Hackers are suspected to be associated with the Chinese government, identified by security experts as the Lotus Blossom group.
  • Targets included government, telecom, aviation, critical infrastructure, and media sectors.
  • The attack exploited a bug on Notepad++'s shared hosting server to redirect users to a malicious server.
  • The vulnerability was fixed in November 2025, and the hackers' access was terminated in early December.
  • The exact technical mechanism of the server breach is still under investigation.

Continue reading the original article