Notepad++ Update System Hijacked in Months-Long Supply Chain Attack

Notepad++ faced a supply chain attack in 2025, redirecting updates to malicious servers, suspected to be by Chinese hackers.

By Content Team

Feb 7, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A sophisticated supply chain attack targeting Notepad++ users ran from June to December 2025, with attackers compromising the software's hosting provider to hijack update traffic. Instead of exploiting the code itself, hackers redirected users to malicious servers that served compromised executables through the built-in WinGUp updater.

Security analysts believe Chinese state-sponsored actors were behind the highly targeted operation, which selectively focused on Notepad++ while ignoring other customers on the shared hosting server. The attackers maintained access through exposed credentials until December 2025, even after losing direct server access in September following security updates.

The hosting provider has since rotated all credentials and patched vulnerabilities, with no other customers affected.

Source: Infosecurity Magazine

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

AI-Powered 'Truman Show' Scam Creates Fake Investment Reality for Victims

Jan 9, 2026

Asian Cyberspy Group Infiltrates Government Systems Across 37 Countries

Feb 9, 2026

Shai-Hulud Worm Fuels $8.5 Million Trust Wallet Crypto Heist

Dec 31, 2025

Critical Google Looker Flaws Let Attackers Access Multiple Companies' Data

Feb 6, 2026