Frequently Asked Questions About Notepad++ Supply Chain Compromise

Threat actors compromised Notepad++'s update distribution infrastructure beginning in June 2025, enabling redirection of update traffic to an attacker-controlled site for targeted espionage. Attribution reports point to the Chinese APT 'Lotus Blossom.' The compromise affected Notepad++ versions up to 8.9 and persisted in stages until December 2, 2025; Notepad++ released version 8.9.1 (adding XMLDSig validation) to remediate the issue.