Notepad++ updates got hijacked for months and could have spied for China

The developer did not specify when they became aware of the attack, but said that “all attacker access was definitively ...
Devdiscourse

Lotus Blossom's Silent Infiltration: Targeted Cyber Attack on Notepad++

A Chinese-linked cyberespionage group named Lotus Blossom hijacked the update process of Notepad++ to target specific users. Gaining access in June 2025, they maintained control until December that ...
PCMag

Chinese Hackers Hit Notepad++ to Serve Malicious Update

The program is a free text and code editor that's been downloaded millions of times. The compromise began in June and is ...

Notepad++ users take note: It’s time to check if you’re hacked

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by ...