Notepad++ update server hijacked in targeted attacks — outfit claims Chinese state-sponsored hackers may be to blame

The Notepad++ update server was compromised in a targeted supply chain attack, potentially by a Chinese state-sponsored group, redirecting specific users to malicious installers through the editor's updater. The attackers gained control to manipulate update requests and deliver trojanized installers. Notepad++ confirmed that users who downloaded installers from the official website were not affected, and the compromise was linked to the Chinese espionage group Lotus Blossom by Rapid7. Stricter validation checks have been implemented to prevent future unauthorized updates, and users are advised to upgrade to the latest release for enhanced security measures.