Cybersecurity researchers have announced that the automatic update mechanism of “Notepad++”, a popular open-source text editor, was compromised for a long time as a result of external interference.
According to Elchi.az, the Electronic Security Service assesses this incident as a supply chain attack against software.
According to research published by “Securelist”, the attack started in the summer of 2025 and lasted for several months. During this period, some “Notepad++” users received malicious files instead of official updates. The attackers interfered not with the program’s own source code, but with the infrastructure that supports its update mechanism.
According to the research, malicious updates were delivered only to selected users. Among the victims of the attack were individual users located in different countries, companies operating in the field of information technology, financial institutions and government structures. This indicates that the attack was targeted.
During the attack, additional malicious components were loaded onto users’ systems through the update mechanism used by “Notepad++”. These components were able to collect information about the system, transmit this information to remote servers, and subsequently execute additional commands.
Experts say that the main danger of such attacks is that they continue undetected for a long time. Since supply chain attacks are carried out through software trusted by users, they may be detected late by traditional security tools.
After the incident was publicized, the developers of the “Notepad++” project strengthened security measures in the update infrastructure. In new versions, the verification of cryptographic signatures of update files has been made mandatory and suspicious update mechanisms have been eliminated.
Cybersecurity experts recommend that users download “Notepad++” only from official sources, pay attention to automatic update processes and take immediate action if they observe unusual activity on their systems.
It is noted that this incident once again shows how vulnerable the software supply chain is and that even widespread programs can become an effective target for cyberattacks.