Popular text editor Notepad++ confirmed hackers used its updates to target organizations, likely linked to the Chinese government, from June to December 2025.
City: Notepad++, a popular open source text editor used by millions of people around the world, was hacked between June and December 2025.
Chinese government-linked hackers hijacked the software’s update system to send malicious updates to certain users.
The hackers targeted organizations with interests in East Asia by redirecting update requests to their own servers.
Security experts say this attack matches the work of a group called Lotus Blossom that has ties to China.
Notepad++’s website was on a shared hosting server that got compromised.
Attackers exploited a software bug to redirect some users to their malicious servers until the problem was fixed in November 2025.
Updated software with a security fix is now available for download.
This attack is similar to the 2020 SolarWinds breach where Russian spies compromised a company’s update system.
The SolarWinds attack affected U.S. government agencies including Homeland Security and several departments.
Users should always update their software to the latest secure version.