This event is archived. Final snapshot from when the story concluded. View on Dashboard
Events / Notepad++ Supply Chain Attack by...
Tech supply chain attack

Notepad++ Supply Chain Attack by Nelumbo nucifera

Analysis based on 10 articles · First reported Feb 02, 2026 · Last updated Feb 07, 2026

Sentiment
-60
Attention
4
Articles
10
Market Impact
Direct
Live prominence charts, article sentiment distribution, and event development timeline available on the NewsDesk Dashboard
Market Impact

The supply chain attack on Notepad++ by Nelumbo nucifera creates significant cybersecurity concerns, potentially impacting the software industry and government sectors. This event could lead to increased scrutiny on software update mechanisms and cybersecurity measures, affecting investor confidence in companies with similar vulnerabilities.

Software Cybersecurity Government
Event Summary

A Chinese-linked cyberespionage group, Nelumbo nucifera, hijacked the update process for the popular code editing platform Notepad++ to deliver custom malware to targeted users. The developer, Don Ho (programmer), confirmed that malicious actors targeted the update process from June to September 2025, maintaining credentials until December 2025. The attack was highly selective, indicating deliberate targeting rather than widespread distribution. Hostinger, the hosting provider, confirmed a supply chain attack and is cooperating with the investigation. Cybersecurity firm Metasploit attributed the campaign to Nelumbo nucifera, a group active since 2009, known for targeting government, telecom, aviation, critical infrastructure, and media sectors. The United States===Cybersecurity and Infrastructure Security Agency is investigating potential exposure within the United_States Government. The Chinese Embassy in Washington denied any state-sponsored hacking activity.

Key Actions
100 Nelumbo nucifera hijacked update process and delivered custom backdoor Notepad++
80 Don Ho (programmer) disclosed cyberattack and provided updates
60 Hostinger confirmed supply chain attack and cooperated with investigation Notepad++
50 Metasploit attributed hacking campaign to Nelumbo nucifera
40 China denied involvement in cyberattacks
30 United States===Cybersecurity and Infrastructure Security Agency investigating possible exposure across USG
Entities Involved
priv
Notepad++
Notepad++ experienced a supply chain attack where its update process was hijacked by a Chinese-linked cyberespionage group. This incident could severely damage its reputation and user trust.
Importance 90 Sentiment -70
mil
Nelumbo nucifera
Nelumbo nucifera, a Chinese-linked cyberespionage group, is responsible for hijacking the Notepad++ update process to deliver malware. Their actions have caused significant security concerns.
Importance 80 Sentiment -80
per
Don Ho (programmer)
Don Ho (programmer), the developer of Notepad++, disclosed the cyberattack and has been actively involved in the investigation and communication regarding the compromise of the update server.
Importance 70 Sentiment -50
priv
Hostinger
Hostinger, the hosting provider for Notepad++'s update domain, confirmed a supply chain attack and is cooperating with Notepad++ by sharing incident-related information. This event could negatively impact Hostinger's reputation for security.
Importance 60 Sentiment -40
stock
Metasploit
Metasploit, a cybersecurity firm, attributed the hacking campaign to the Nelumbo nucifera group, providing valuable intelligence on the threat actor. This enhances Metasploit's reputation as a cybersecurity expert.
Importance 50 Sentiment 20
cnt
China
China is implicated through the alleged link of the Nelumbo nucifera group to the nation. A spokesperson for the Chinese Embassy in Washington denied involvement, but the association could still affect international relations.
Importance 40 Sentiment -30
govactor
United States===Cybersecurity and Infrastructure Security Agency
The United States===Cybersecurity and Infrastructure Security Agency is investigating possible exposure across the United States Government due to the Notepad++ compromise, highlighting the potential national security implications.
Importance 30 Sentiment 10
+ 1 more entities View on Dashboard
Relationships
Don Ho (programmer) related Notepad++
Hostinger related Notepad++
China related Nelumbo nucifera
Notepad++ related Nelumbo nucifera
Don Ho (programmer) related Nelumbo nucifera
NEWSDESK
Track this event live

Set up alerts, explore entity relationships, search across thousands of events, and build custom intelligence feeds.

Open Dashboard

About NewsDesk

NewsDesk is a news intelligence platform that converts raw news articles into structured data. It tracks events, entities, and the relationships between them, with sentiment and attention metrics derived from thousands of articles. Pages on this site are daily static snapshots from the platform's live database. For real-time tracking, search, and alerts, the full dashboard is at app.newsdesk.dev.