Hackers sponsored by the Chinese government manage to redirect traffic from the Notepad++ update server

The well-known advanced text editor Notepad++ has been a victim of a cyber attack directed by hackers sponsored by the Chinese government, compromising the security and information of the application update system.

This has been notified by the hosting company that the application developers previously used

A group of hackers supported by the Chinese government managed to intercept and redirect application download traffic to specific users

The “man in the middle” attack compromised the network of the official Notepad++ website between June 2025 and December 2025, allowing Chinese hackers to redirect update traffic from specific users of the program.

Therefore, The attack does not involve a hack of Notepad+ itselfbut a security breach in the provider’s hosting servers that they used to manage downloads and updates. Affected users received a fake update with malicious content.

From Notepad++ they assure that the attackers stopped having access to the server from September 2, 2025, but they could have been able to redirect traffic until December 2, 2025 by maintaining access credentials to internal services. However, it appears that the attack stopped on November 10.

The developers of the program have made several critical fixes to the update system to verify that no new similar interception attacks occur. In any case, they recommend users manually update to the latest version of the software, which at the time of writing is v8.9.1, to ensure they have the automatic update system corrected.