Notepad++ Update Hijacked by Cyberespionage Group, Sparks Cybersecurity Alert

A Chinese-linked cyberespionage group targeted Notepad++'s update process to deploy malware. The attack, which ran from June to December 2025, selectively affected users, prompting investigations. Hosting credentials remained compromised, while a Chinese embassy spokesperson denied government involvement in the hacking incident.


Devdiscourse News Desk | Updated: 03-02-2026 02:47 IST | Created: 03-02-2026 02:47 IST
A cyberespionage group linked to China has reportedly hijacked the update process for the widely used code editor, Notepad++, to distribute malware, according to its developer and cybersecurity experts.

Don Ho, the developer behind Notepad++, revealed that targeted users received malicious updates between June and December 2025, raising alarms about specific targeting rather than a widespread attack. The Cybersecurity and Infrastructure Security Agency is investigating the breach affecting some U.S. government systems.

The hacking group, identified as Lotus Blossom, capitalized on its server access to deploy a custom backdoor for interactive control over compromised systems, potentially advancing espionage activities.

(With inputs from agencies.)
