Notepad++, a popular text editor, has been compromised by state-sponsored hackers, primarily targeting users in China. The attack, which involved infrastructure-level compromise at the hosting provider, selectively redirected update traffic to serve malicious updates. This incident underscores the vulnerabilities in update verification processes and the need for enhanced security measures.

The breach, active from June 2025 to December 2, 2025, exploited insufficient update verification in older versions of Notepad++. Security experts attribute the attack to a Chinese state-sponsored group, highlighting the targeted nature of the cyberattack. The hosting provider's investigation revealed that attackers maintained access to internal services even after losing server control, allowing them to continue redirecting traffic.

To mitigate the issue, Notepad++ has migrated to a new hosting provider with stronger security practices. Additionally, updates to the updater tool now enforce certificate and signature verification. These changes are part of a broader effort to enhance security and protect users from similar threats in the future.

The incident serves as a reminder of the importance of robust update mechanisms and the potential risks associated with shared hosting environments. As Notepad++ implements these security enhancements, users can expect more secure updates and a reduced risk of similar compromises.