The developer of the widely-used text editor Notepad++ has disclosed that hackers, suspected to have ties to the Chinese government, exploited its software update system to distribute malicious software to users for several months in 2025. According to Don Ho, the developer, security experts identified the cyberattack between June and December 2025, with the group responsible known as Lotus Blossom, a well-known espionage entity linked to China.
Notepad++, a popular open-source project with millions of downloads globally, was infiltrated by hackers who targeted specific organizations, particularly in East Asia, by injecting tainted versions of the text editor. The compromised software allowed the attackers to gain unauthorized access to victims’ computers, highlighting the severity of the breach.
The precise method of the intrusion into Notepad++’s servers is still being investigated. Ho revealed that the attackers exploited a vulnerability in the software to redirect users to a server controlled by the hackers, enabling the distribution of malicious updates to targeted users requesting software patches.
Source: TechCrunch