
Chinese hackers exploit Notepad++ updater to target select users for months: Report

Posted on: Feb 02, 2026 22:31 IST | Posted by: Livemint

The developer of Notepad++ has reportedly noted that its software update mechanism was covertly hijacked for several months last year, with evidence suggesting the operation was carried out by a Chinese state-sponsored threat group.

According to BleepingComputer, attackers intercepted and selectively redirected update requests, steering certain users towards malicious servers and delivering tampered update information. The breach is believed to have begun in June 2025 and continued until early December.

Selective targeting of users

Rather than launching a broad attack, the intruders reportedly focused on specific victims. Security experts assisting the investigation said the redirections were highly selective, affecting only chosen systems rather than the wider Notepad++ user base.

Reportedly, researchers noted that this narrow scope, combined with the sophistication of the intrusion, points to a state-backed actor. Multiple independent analysts concluded the activity was likely linked to a Chinese government-aligned group.

The attackers are said to have exploited weaknesses in older versions of Notepad++’s WinGUp update tool, which lacked sufficient verification checks for update files.

Hosting provider compromise

Logs from the hosting provider may indicate that the server supporting Notepad++’s update application was compromised. This reportedly allowed the attackers to manipulate traffic and deliver malicious update manifests.

Reportedly, the breach temporarily stalled in early September after the server’s kernel and firmware were upgraded. However, the threat actor reportedly regained entry using internal service credentials that had not been rotated.

The unauthorised access persisted until 2 December 2025, when the hosting provider detected suspicious activity and terminated the connection.

Security fixes rolled out

In response, Notepad++ has migrated its infrastructure to a new hosting provider with stronger safeguards. The team has also rotated potentially exposed credentials, patched vulnerabilities and reviewed logs to confirm that the malicious activity has ceased.

The project previously released version 8.8.9 in December to address issues in the WinGUp updater. From that release onward, installer certificates and signatures are verified and the update XML files are cryptographically signed.

A further change is planned for version 8.9.2, which will introduce mandatory certificate signature verification for updates.

Users urged to take precautions

Although the campaign appears limited in scope, users are being advised to strengthen their security posture. Recommended steps include changing SSH, FTP/SFTP and MySQL credentials, reviewing WordPress administrator accounts, removing unnecessary users and enabling automatic updates for core software, plugins and themes.

Security researcher Kevin Beaumont previously warned that at least three organisations experienced follow-up reconnaissance activity after being affected by the hijacked updates.
