Cybersecurity
Notepad++ confirms six-month state-sponsored supply chain attack on update infrastructure
Chinese state actors compromised Notepad++'s hosting provider from June to December 2025, selectively redirecting update requests to malicious servers. The attack exploited weak update verification in older versions—a pattern enterprise security teams should recognize.