Notepad++ updates got hijacked for months and could have spied for China

Users of the text and code editor Notepad++ may have unknowingly downloaded a malicious update due to a security breach that occurred from June 2025 until December 2, 2025. The developer of Notepad++, Don Ho, reported that hackers, likely associated with the Chinese government, hijacked the software's update mechanism. This incident allowed the attackers to deliver backdoored versions of the popular free source code editor and note-taking app for Windows, potentially compromising users' devices. The breach involved the app's former hosting provider, where traffic from certain targeted users was selectively redirected to servers controlled by the attackers. Investigations by multiple security experts confirmed that the attacks were strategically aimed at specific individuals or organizations, although the exact demographics of the targeted users and the nature of the malicious files remain unclear. This selective targeting reflects a common tactic in state-sponsored cyber operations, where specific goals are pursued through the exploitation of widely used software. The incident underscores the ongoing threat posed by state-sponsored cyberattacks, particularly as they increasingly exploit vulnerabilities in widely used software. The implications of such breaches extend beyond immediate security concerns, highlighting the need for robust cybersecurity measures. As digital tools become integral to daily operations, the vulnerabilities inherent in software ecosystems become more pronounced, emphasizing the importance of vigilance against sophisticated cyber threats.