Explore the latest developments concerning Notepad++ Hosting Breach.
Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.
The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7.
The development comes shortly after Notepad++ maintainer Don Ho said that a compromise at the hosting provider level allowed threat actors to hijack update traffic starting June 2025 and selectively redirect such requests from certain users to malicious servers to serve a tampered update by exploiting insufficient update verification controls that existed in older versions of the utility.
How state-sponsored attackers hijacked Notepad++ updates
Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!
Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for notepad-plus-plus.org, the software’s maintainer Don Ho confirmed on Monday.
In early December 2025, security researcher Kevin Beaumont said that he knew of three organizations that have had security incidents traced back to Notepad++ processes providing the attackers initial access to the computers.
“I’ve only talked to a small number of victims. They are orgs with interests in East Asia. Activity appears very targeted. Victims report hands on keyboard recon activity, with activity starting around two months ago,” he shared at the time.
ANABOLIC – Men's Health Support Supplements – 120 Capsules
The dynamic landscape of current events often brings forth significant discussions. Monitoring these developments provides crucial insights.
For more detailed information, explore updates concerning Notepad++ Hosting Breach.
0 Comments