The developer of the open-source text editor Notepad++ confirmed that hackers compromised its update system, delivering malicious updates to a limited number of users between June and December 2025. Security researchers believe the attack was carried out by a China-linked espionage group and selectively targeted organizations in government, telecom, aviation, critical infrastructure, and media sectors. The vulnerability has since been fixed, access terminated, and users are encouraged to update to the latest version of the software.