Chinese Hackers Hijacked Notepad++ Updates Through Hosting Provider Compromise

Chinese hackers targeted Notepad++ users in a sophisticated supply chain attack, compromising updates and affecting telecoms in East Asia.

By Content Team

Feb 2, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Chinese state-sponsored hackers conducted a sophisticated supply chain attack against Notepad++ users from June to December 2025, targeting telecoms and financial firms in East Asia. The attackers compromised the text editor's hosting provider to intercept and redirect update traffic to malicious servers.

Creator Don Ho revealed that hackers gained infrastructure-level access to selectively target specific users while leaving others unaffected. The hosting provider discovered the breach affected only Notepad++ traffic, with attackers maintaining access until December 2025 despite server maintenance in September.

Notepad++ has since moved to a new hosting provider and added client-side verification to prevent future update hijacking.

Source: Security Week

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Booking.com Hack Fuels 'Reservation Hijack' Scam Wave

Apr 29, 2026

FortiGate Firewalls Under Automated Attack Since January 15

Jan 26, 2026

Instagram Denies Data Breach After Mass Password Reset Emails Spark User Confusion

Jan 13, 2026

Chained Vulnerabilities Let Attackers Backdoor Industrial Control Systems Running CODESYS

Apr 27, 2026