Backdoor in Notepad++

Hackers linked to the Chinese government trojanized the Notepad++ update infrastructure to deliver a backdoor to selected users by exploiting insufficient update verification; the attacker maintained access to internal services and redirected update traffic until December 2—users are advised to run at least version 8.9.1.