Notepad++ Compromised By State Actor
4 156Luthair writes: Notepad++ claims to have been targeted by a state actor; given their previous stance on Uyghurs, one can speculate about a candidate. Notepad++, in a blog post:
According to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.
4 comments
Re:Title (Score: 5, Interesting)
by sabbede ( 2678435 ) on Monday February 02, 2026 @01:00PM (#65964474)
It's a little more than just a compromised website. NP++ is the #1 text editor, and malicious actors were able to redirect update requests. It's a very serious supply-chain attack. I have a tab in mine that's just passwords and API keys. Bad and very sloppy practice? Yes, but I did it anyway and shudder to think what may have happened if Chinese hackers were able to work out which keys had value for them.
I have now cleaned that up.
Re:Title (Score: 5, Informative)
by bjoast ( 1310293 ) on Monday February 02, 2026 @12:42PM (#65964424)
Or Notepad++ website was compromised for brevity's sake.
No. That would be a very inadequate way of describing what was actually a targeted supply-chain attack.
Re:Title (Score: 5, Informative)
by DamnOregonian ( 963763 ) on Monday February 02, 2026 @05:08PM (#65965160)
They can have their opinions. Just don't make it an official part of the organization's stance that they're working on. Previously, they at least had the sense to carry disclaimers, like "My opinions are my own and not that of my employer"
What fucking employer are you talking about? Don Ho is a guy. Who writes Notepad++. He is the organization.
This isn't some guy working for Microsoft. This is some guy's pet project software. His political opinions come with this software he writes, and gives to you to use and modify, for free.
Did you seriously not know that, or are you a fucking bot?
Intolerable state of affairs (Score: 5, Insightful)
by physicsphairy ( 720718 ) on Monday February 02, 2026 @12:35PM (#65964414)
China already gets its way in forcing Hollywood and other big industries to self-censor on its behalf, down to the individual level (e.g. sanctioning NBA teams if their members made a post in solidarity with the oppressed in Hong Kong).
But even when you have no business with China you still have to worry about what will happen to your business if you acknowledge their persistent genocide of the Uighurs?
This isn't a situation to passively accept.