Notepad++ update servers were compromised by a likely Chinese state-sponsored group from June to December 2025. Attackers intercepted update traffic, redirecting users to malicious binaries due to inadequate validation of update packages. Following the breach, Notepad++ enhanced security measures, including stricter validation processes and plans to implement XMLDSig in future updates to prevent such incidents.
Notepad Hijacked

