/
Navigation
Chronicles
Browse all articles
Explore
Semantic exploration
Research
Entity momentum
Nexus
Correlations & relationships
Story Arc
Topic evolution
Drift Map
Semantic trajectory animation
Posts
Analysis & commentary
Pulse API
Tech news intelligence API
Browse
Entities
Companies, people, products, technologies
Domains
Browse by publication source
Handles
Browse by social media handle
Detection
Concept Search
Semantic similarity search
High Impact Stories
Top coverage by position
Sentiment Analysis
Positive/negative coverage
Anomaly Detection
Unusual coverage patterns
Analysis
Rivalry Report
Compare two entities head-to-head
Semantic Pivots
Narrative discontinuities
Crisis Response
Event recovery patterns
Connected
Search: /
Command: ⌘K
Embeddings: large
TEXXR
TEXXR

Chronicles

The story behind the story

days · browse · Enter similar · o open

Notepad++ and security researchers say Chinese state-sponsored threat actors were likely behind the hijacking of its update traffic from June to December 2025

Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year …

BleepingComputer Bill Toulas

Related Coverage

Discussion

  • @vxunderground @vxunderground on x
    Chat, no big deal. It turns out Notepad++ was compromised at the infrastructure level and if you downloaded or updated Notepad++ after September, 2025 or before December, 2025, an unknown state-sponsored actor has compromised your machine. https://notepad-plus-plus.org/ ...
  • @uk_daniel_card @uk_daniel_card on x
    interesting.... people use notepad++ because it has features they need/want. hanging enterprise environments isn't simple. people on the internet massively over simplify things....
  • @c2iris @c2iris on x
    Interesting. A good reminder that you probably want to uninstall applications that you don't really need. Especially if they have the ability to auto update.
  • @officialwhyte22 Winston Ighodaro on x
    This is bad because the compromise didn't happen inside Notepad++ itself. The attackers went after the infrastructure that delivers updates, which means the trust model was broken, not the code. Users could do everything right and still be exposed. Once update traffic is
  • @pikuma @pikuma on x
    Look, we all look the other way as the Chinese steals wood & minerals from Brazilian land and annihilates most fish species from the Chilean Pacific coastline... but Notepad++? This is where I draw the line! 😠
  • @apkramar Alex Kramar on x
    “Never update any software ever” chads rack up another W.
  • @cyb3rops Florian Roth on x
    For convenience: I wrote a small collector that pulls all SHA-256, SHA-1 and MD5 hashes from Notepad++ releases and compiles them into big CSV + JSON files Use it to check if any Notepad++ installs in your org match known-good release hashes - and spot weird/malicious outliers [i…
  • @lcamtuf @lcamtuf on x
    The dark side of auto-updates: https://notepad-plus-plus.org/ ... Don't get me wrong, they are *essential* for some software, but the pendulum might have swung too far, adding risk where little risk existed before.
  • @johnhultquist John Hultquist on x
    Notepad++ compromised in supply chain attack from June to December 2025 by “likely Chinese state-sponsored actor”. There has been a rash of supply chain incidents over the last couple of years as these guys try to leapfrog into hard targets. https://notepad-plus-plus.org/ ...
  • @uk_daniel_card @uk_daniel_card on x
    Notepad plus plus appears to have at some point been comrpmised: https://notepad-plus-plus.org/ ...
  • @gi7w0rm @gi7w0rm on x
    Popular Text Editor Notepad++ was compromised by a nation state attacker presumably from June through December 2, 2025. The state actor used the access to reroute software update traffic to attacker controlled servers making this a supply chain attack. https://notepad-plus-plus.o…
  • @blackroomsec @blackroomsec on x
    Oh no. I'm a little confused as to which versions are affected so if anyone can find it, please let me know. I have to let 42,000 people know what to do. 🤦‍♀️ Thanks for the wake up call, Florian!!! 😜
  • @cyb3rops Florian Roth on x
    This is bad. Putty level bad. https://notepad-plus-plus.org/ ... [image]
  • @uk_daniel_card @uk_daniel_card on x
    ‘The incident began from June 2025. Multiple independaent security researchers have assessed that the threat acotor is likely a Chinese state-sponsored group, which would explain the highly selective targeting obseved during the campaign.’ #NotepadPlusPlus #Notepad #Compromised […
  • @cyb3rops Florian Roth on x
    Yes, it's basically this #NotepadPlusPlusCompromise [image]
  • r/pcmasterrace r on reddit
    Notepad++ Hijacked by State-Sponsored Hackers(likely a Chinese state-sponsored group)
  • @evacide @evacide on bluesky
    Notepad++ publishes a blog post saying they caught a probably-Chinese state actor hijacking their product in an attack against highly-selective targets that began last June: notepad-plus-plus.org/news/hijacke...
  • @jsstaedtler@mastodon.art Johann Sebastian Staedtler on mastodon
    RE: https://infosec.exchange/...  In brief, the recommendation is to download the complete installer for Notepad++ version 8.9.1 and run it to replace whatever version you currently have installed.  The built-in auto-updater will have new security enhancements to prevent any more…
  • r/sysadmin r on reddit
    Notepad++ Hijacked by State-Sponsored Hackers
  • r/theprimeagen r on reddit
    Notepad++ hijacked by state-sponsored actors
  • @adelpreore @adelpreore on bluesky
    Good thing we got rid of our cybersecurity agencies in this country.  —  I'm going to go out on a limb and say probably 90% of developers have this application installed.  —  techcrunch.com/2026/02/02/n...
  • r/homelab r on reddit
    Check if you're using Notepad++ version 8.8.8, you might be running a compromised version.