Notepad++ Patches Vulnerability Exploited by Chinese APT Group to Hijack Update System

Notepad++ has patched a vulnerability that was exploited by a Chinese-linked APT group to hijack its update system and distribute malware to selected targets. The attack, revealed in early February 2025 by the software's maintainer, involved compromising the hosting infrastructure. The flaw allowed attackers to manipulate the update mechanism to deploy malicious payloads in a targeted manner. No additional technical details or precise impact have been disclosed.