Notepad++ says it was hijacked by Chinese state-sponsored hackers

The developer of the popular open source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025.

In a blog post published Monday, Notepad++ developer Don Ho said that the cyberattack was likely carried out by hackers associated with the Chinese government between June and December 2025, citing multiple analyses by security experts who examined the malware payloads and attack patterns. Ho said this "would explain the highly selective targeting" seen during the campaign.

Rapid7, which investigated the incident, attributed the hacking to Lotus Blossom, a long-running espionage group known to work for China, and said the hacks targeted government, telecom, aviation, critical infrastructure, and media sectors.

Notepad++ is one of the longest-running open source projects, spanning more than two decades, and it counts at least tens of millions of downloads to date, including by employees at organizations around the world.

Read more -here-