Chinese State-Sponsored Hackers Compromise Notepad++ Update Mechanism in 2025 Supply Chain Attack
cybersecuritysupply_chain_attackstate-sponsored_hackingChinaNotepad++financetelecommunicationssoftware_securitybreachincident_response
In December 2025, attackers allegedly sponsored by the Chinese state compromised the update mechanism of Notepad++ by hacking the project's shared hosting server. They intercepted and redirected update traffic to the domain notepad-plus-plus.org. The software's maintainer, Don Ho, confirmed this supply chain compromise. Security researcher Kevin Beaumont identified three organizations that fell victim to security incidents linked to Notepad++, where initial access to systems was gained through this vector. The targets included sectors such as finance and telecommunications.