The French developer Don Ho revealed that the widely used open-source code editor Notepad++ has been the subject of a cyber attack suspected to be orchestrated by a Chinese cyber espionage group known as 'Lotus Blossom.' This attack was identified after two months of investigations that began in June 2025, continuing until the end of December, when the vulnerability was finally secured. The delay in announcing the attack was attributed to the need to maintain the confidentiality of the investigation, conducted in collaboration with security experts from Kaspersky and Rapid7, ensuring a thorough resolution to the vulnerability and the migration to a new host.

The cyber attack effectively created a backdoor in users’ systems who employed the Notepad++ tool, enabling the implicated hackers to execute ongoing cyber attacks and steal sensitive data. Notepad++ is a popular choice among developers and programmers worldwide as it serves as a robust alternative to traditional note-taking applications on Windows, making it a valuable target for cyber espionage.

In light of this breach, the open-source nature of Notepad++ raises concerns regarding the security of open-source software, particularly in environments where sensitive information is processed. The incident underscores the necessity for diligent security measures to protect users, especially when utilizing widely adopted coding tools across various sectors.