The Notepad++ website was hijacked by 'malicious actors' last year and security researchers are picking through the wreckage

It's believed that, between June and November 10/December 2, 2025 (independent security experts and its hosting provider disagree on the exact timings), a shared hosting server was compromised, ...

How Chinese hackers used Notepad++ to spy on companies doing business in East Asia

Notepad++ users faced a serious threat as Chinese state-sponsored hackers compromised update servers for half of 2025, ...
The Hacker News

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates, fixed in v8.8.9 ...

Notepad++: Updater takeover by state actors

Attackers had specifically delivered malware to systems using the Notepad++ updater. Investigations point to state actors.
The Hacker News

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.