The developer of the popular open source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025.
Notepad++ is one of the longest-running open source projects, spanning more than two decades, and it counts at least tens of millions of downloads to date, including by employees at organizations around the world.
Ho said that the “exact technical mechanism” of how the hackers broke into his servers remains under investigation, but provided some details as to how the attack went down.
“We do have logs indicating that the bad actor tried to re-exploit one of the fixed vulnerabilities; however, the attempt did not succeed after the fix was implemented,” wrote Ho.
In an email, Ho told TechCrunch that his hosting provider confirmed his shared server was compromised but that the provider did not say how the hackers initially broke in.
The SolarWinds breach affected several government agencies, including Homeland Security and the Departments of Commerce, Energy, Justice, and State.
Updated with a response from Ho and with additional details from Rapid7.