Notepad++

In early February 2026, major cybersecurity reports revealed that the popular open-source text editor Notepad++ was the target of a sophisticated supply-chain breach that lasted for approximately six months. The incident exposed weaknesses in the application’s hosting and update infrastructure, enabling attackers to intercept and redirect update traffic from certain users and deliver malicious software….

In early February 2026, the open‑source world was shaken when the official Notepad++ update servers were hijacked in a sophisticated supply chain attack. For nearly six months, from June to December 2025, threat actors infiltrated the infrastructure that delivers automatic updates to users and quietly redirected targeted systems to malicious download servers.  Rather than exploiting…