Chinese government-linked hackers compromised the update infrastructure for Notepad++ and delivered malware to targeted users by exploiting insufficient update verification controls in older versions. The attackers maintained access to internal services, allowing them to redirect update traffic to malicious servers even after initial remediation efforts. Event logs indicate a failed attempt to re-exploit a patched weakness. Users should upgrade to at least version 8.9.1.
Home Blog Backdoor in Notepad++ Hackers associated with the Chinese government used a Trojaned version of Notepad++ to deliver malware to selected users. Notepad++ said that officials with the unnamed provider hosting the update infrastructure consulted with incident responders and found that it remained compromised until September 2. Even then, the attackers maintained credentials to the internal services until December 2, a capability that allowed them to continue redirecting selected update traffic to malicious servers. The threat actor “specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++.” Event logs indicate that the hackers tried to re-exploit one of the weaknesses after it was fixed but that the attempt failed. Make sure you’re running at least version 8.9.1. Tags: backdoors , China , hacking , supply chain Posted on February 5, 2026 at 7:00 AM • 2 Comments ← US Declassifies Information on JUMPSEAT Spy Satellites Sidebar photo of Bruce Schneier by Joe MacInnis.