Notepad++ Supply Chain Hack Conducted by China via Hosting Provider
Briefly

"Notepad++ on Monday shared additional details on the supply chain attack that came to light in December 2025, saying that a threat actor likely sponsored by the Chinese government targeted some customers through its hosting provider. News of the incident broke after Notepad++ released updates designed to prevent the free source code editor's updater from being hijacked. Security researcher Kevin Beaumont reported in early December that a handful of organizations using Notepad++ had been targeted with malicious software updates."
"'According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org,' Ho explained. He added, 'The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled server malicious update manifests.'"
"'Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain the highly selective targeting observed during the campaign,' Ho noted. Information collected during the hosting provider's investigation revealed that the attackers specifically targeted Notepad++ to intercept its users' traffic. The provider found no evidence that other customers on"
Notepad++ confirmed a supply chain attack, discovered in December 2025, that used a compromise of its hosting provider to intercept and redirect update traffic for targeted users. The compromise allowed attackers to serve malicious update manifests without exploiting Notepad++ code. Security researcher Kevin Beaumont reported that organizations, including telecoms and financial services firms in East Asia, received malicious updates. Notepad++ worked with external security experts and the hosting provider to investigate. Multiple independent researchers assessed that the threat actor is likely Chinese state-sponsored. The hosting provider found that the attackers specifically targeted Notepad++ traffic, and it found no evidence of broader customer compromise.
Read at SecurityWeek