Notepad++ Reports Months-Long Hijacking of Software Updates by Chinese Government Hackers

TechCrunch

The developer of the popular open-source text editor Notepad++ has confirmed that its software updates were hijacked by hackers, believed to be linked to the Chinese government, to deliver malicious payloads to users over several months in 2025. Security researchers are investigating the highly selective targeting observed during the campaign.

Notepad++ says Chinese government hackers hijacked its software updates for months | TechCrunch

The developer of the popular open-source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025.

In a blog post published Monday, Notepad++ developer Don Ho said that the cyberattack was likely carried out by hackers associated with the Chinese government between June and December 2025, citing an analysis by security experts. Ho said this “would explain the highly selective targeting” seen during the campaign.

Ho did not say how many users were targeted or how many were compromised — if known — and did not respond to questions by the time of publication. (If we hear back, we will update.)

Notepad++ is one of the longest running open-source projects, spanning more than two decades, and it counts at least tens of millions of downloads to date, including by employees at organizations around the world.

According to Kevin Beaumont, a security researcher who first discovered the cyberattack and wrote up his findings in December, the hackers compromised a small number of organizations “with interests in East Asia” after someone unwittingly used a tainted version of the popular software. Beaumont said that the hackers were able to gain “hands-on” access to the computers of victims who were running hijacked versions of Notepad++.

Ho said that the “exact technical mechanism” of how the hackers broke into his servers remains under investigation, but provided some details as to how the attack went down.

In the blog, Ho said that Notepad++’s website was hosted on a shared hosting server. The attackers “specifically targeted” Notepad++’s web domain with the goal of exploiting a bug in the software to redirect some users to a malicious server run by the hackers. This allowed the hackers to deliver malicious updates to certain users who had requested a software update, until the bug was fixed in November and the hackers’ access was terminated in early December.

“We do have logs indicating that the bad actor tried to re-exploit one of the fixed vulnerabilities; however, the attempt did not succeed after the fix was implemented,” wrote Ho.

Ho apologized for the incident, and urged users to download the most recent version of his software, which contains a fix for the bug.

The cyberattack targeting Notepad++ users is somewhat reminiscent of the 2019-2020 cyberattack affecting customers of SolarWinds, a software company that makes IT and network management tools for large Fortune 500 organizations, including government departments. Russian government hackers broke into the company’s servers and secretly planted a backdoor in its software, allowing the Russian spies to access data on those customers’ networks once the update had rolled out.

The SolarWinds breach affected several government agencies, including Homeland Security and the Departments of Commerce, Energy, Justice, and State.

Security Editor

Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.

He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at [email protected].
