{"id":209984,"date":"2026-02-02T05:55:00","date_gmt":"2026-02-02T10:55:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/02\/nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates\/"},"modified":"2026-02-04T12:20:16","modified_gmt":"2026-02-04T17:20:16","slug":"nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/02\/nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates\/","title":{"rendered":"Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/187531\/security\/nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates.html?amp\">Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187531\/security\/nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates.html?amp\">https:\/\/securityaffairs.com\/187531\/security\/nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates.html?amp<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-02 05:55:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> February 02, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2015\/01\/Notepad-logo.png?fit=241%2C232&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Notepad++ maintainer says nation-state attackers hijacked the app\u2019s update system by redirecting traffic at the hosting provider level.<\/h2>\n<p>The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider\u2019s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users.<\/p>\n<p>\u201cAccording to the analysis provided by the security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org.\u201d reads the <strong>advisory<\/strong> published by the software maintainers.  \u201cThe exact technical mechanism remains under investigation, though the compromise occured at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.\u201d<\/p>\n<p>The incident began in June 2025 and was linked by multiple researchers to a likely Chinese state-sponsored group, based on its highly selective targeting. Attackers compromised a shared hosting server until September 2, 2025, and later used stolen internal credentials to redirect Notepad++ update traffic to malicious servers until December 2. <\/p>\n<p>The hosting provider moved all affected customers to a new server, fixed the vulnerabilities that were abused, and rotated all credentials that may have been exposed.<\/p>\n<p>After completing these actions, the provider reviewed system logs and confirmed there was no evidence of continued attacker access or malicious activity.<\/p>\n<p>The security expert found the attack ended on November 10, 2025, while the hosting provider reported possible attacker access until&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/187531\/security\/nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates.html?amp\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates https:\/\/securityaffairs.com\/187531\/security\/nation-state-hack-exploited-hosting-infrastructure-to-hijack-notepad-updates.html?amp Publish Date: 2026-02-02 05:55:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":209985,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2015\/01\/Notepad-logo.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31],"class_list":["post-209984","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209984"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=209984"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209984\/revisions"}],"predecessor-version":[{"id":209986,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209984\/revisions\/209986"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209985"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209984"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209984"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}