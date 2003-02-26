Many IT professionals, especially system administrators and developers, use Notepad++ as their default text editor on Windows, because Windows Notepad has historically been missing critical features for power users.

Today, the Notepad++ project announced that they've discovered their update channel has been compromised by attackers since June 2025.

BleepingComputer published a report:

Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. The attackers intercepted and selectively redirected update requests from certain users to malicious servers, serving tampered update manifests by exploiting a security gap in the Notepad++ update verification controls. A statement from the hosting provider for the update feature explains that the logs indicate that the attacker compromised the server with the Notepad++ update application. External security experts helping with the investigation found that the attack started in June 2025. According the developer, the breach had a narrow targeting scope and redirected only specific users to the attacker's infrastructure.

Notepad++ is likely to be installed on any Windows-based development environment or server. There are indications that this was a targeted attack and you may not have been directly affected. This is a developing story. I recommend you follow BleepingComputer for updates.