8legs: Notepad++

Your Followed Topics

#1 out of 22.0M est. views10.36%

Notepad++ expanded defenses by requiring both the download signature and certificate validation, and by signing the update server responses to thwart tainted updates.
Direct downloads from the official Notepad++ site largely avoided the impact, highlighting the risk was concentrated on users relying on the built-in updater.
Rapid7’s investigation ties the incident to Lotus Blossom, a Chinese espionage group active since 2009 with operations across Asia and Central America.

Vote 49

#2 out of 236.0K est. views

Hackers hijacked Notepad++ updates for six months, redirecting targeted users to malicious manifests.
The breach occurred from June through December 2025, according to developer Don Ho.
Hackers likely belonged to a Chinese state-sponsored group and could have given remote access to keyboards.
Notepad++ developers terminated all attacker access by December 2, 2025.
Users are advised to update to version 8.8.9 or newer from the official site.
Independent expert Kevin Beaumont suggested monitoring for gup.exe and suspicious update.exe in TEMP.
The attackers targeted organizations with East Asia interests, per Don Ho’s post.
The updater has been updated with stronger security measures to verify updates.
The incident underscores risks of third‑party hosting in software supply chains.
Users should download updates directly from the official Notepad++ site.

Vote 3

Unlimited Access

Personalized Feed

Full Experience

By continuing, you agree to the Privacy Policy.. You also agree to receive our newsletters, you can opt-out any time.

Create an account and enjoy content that interests you with your personalized feed

Unlimited Access

Personalized Feed

Full Experience

By continuing, you agree to the Privacy Policy.. You also agree to receive our newsletters, you can opt-out any time.