Suspected China-state hackers used update infrastructure to deliver backdoored version.

Ars Technica is known for its  coverage of technology-related news and analysis, ranging from scientific breakthroughs to the latest gadgets and gaming developments. Readers can learn about emerging technologies, industry trends, and the societal impact of technological advancements through detailed articles and reviews.

Ars Technica

Notepad++ update infrastructure was compromised for six months (June to December) by suspected Chinese state-sponsored hackers who delivered backdoored versions to select targets. The attackers intercepted update traffic and redirected certain users to malicious servers, maintaining access until December 2. Three organizations with East Asia interests reported security incidents involving hands-on-keyboard access. Version 8.8.8.8 introduced fixes to harden the updater (GUP/WinGUP) against hijacking.

Notepad++ users take note: It’s time to check if you’re hacked

How The Callisto Protocol's Gameplay Was Perfected Months Before Release