Notepad++ says Chinese government hackers hijacked its software updates for months

The developer of Notepad++, Don Ho, reported that hackers associated with the Chinese government hijacked the software's update mechanism for several months. This security breach began in June 2025 and continued until December 2, 2025. During this time, users may have unknowingly downloaded malicious executables that could compromise their devices. The incident highlights the ongoing threat posed by state-sponsored cyberattacks, particularly as they increasingly target widely used software to exploit vulnerabilities. Investigations by multiple security experts confirmed that the attacks were selectively targeting certain users, although the specific demographics and the nature of the malicious files remain unclear. The hijacking occurred on the app's former hosting provider's end, where traffic from targeted users was redirected to attacker-controlled servers. This method of operation reflects a strategic approach often seen in geopolitical cyber operations, where specific individuals or organizations are targeted to achieve broader objectives. The implications of such breaches extend beyond immediate security concerns, emphasizing the need for robust cybersecurity measures. As digital tools become integral to daily operations, the vulnerabilities inherent in software ecosystems become more pronounced. This incident serves as a reminder of the importance of vigilance in protecting against sophisticated cyber threats, particularly those that may originate from state-sponsored actors.