Frequently Asked Questions About Notepad++ Supply Chain Compromise
Tenable, Tuesday, February 3rd, 2026
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes.
Beginning in June 2025, threat actors compromised the infrastructure Notepad++ uses to distribute software updates.
The issue has been addressed and Notepad++ have released 8.9.1 which now includes XML signature validation (XMLDSig) for security updates.
Reports suggest that the attack was carried out by a Chinese threat actor known as Lotus Blossom.