"The attackers started redirecting traffic from Notepad++ to their servers sometime in June 2025, and that went on until December 2. Their method involved compromising the system at the hosting provider level, though the exact technical mechanism that allowed them to intercept traffic remains under investigation. In addition to releasing a security patch, Notepad++ also migrated to a new hosting provider with much stronger security practices."
"Last year, the creator of Notepad++ rolled out an update for the text and source code editor after security experts reported that bad actors were hijacking its update mechanism to redirect traffic to malicious servers. It led to users downloading compromised executables that could infect their devices. Now, Don Ho has revealed that multiple security experts investigated the breach and determined that the threat actor "is likely a Chinese state-sponsored group.""
Notepad++ experienced a supply-chain compromise that began in June 2025 and continued until December 2, during which some update traffic was redirected to attacker-controlled servers. Targeted users downloaded compromised executables that could infect their devices. Multiple security experts assessed the breach and concluded the threat actor is likely a Chinese state-sponsored group, which aligns with the highly selective targeting observed. Attackers appear to have compromised systems at the hosting provider level, though the precise interception method remains under investigation. Notepad++ released a security patch, migrated to a new, more secure hosting provider, and recommends installing version 8.9.1 and running the installer manually.
Read at Engadget
Unable to calculate read time
Collection
[
|
...
]