Key Findings Notepad++ update infrastructure was compromised from June to December 2025 Attackers rotated C2 server addresses, downloaders, and final payloads over 4 months Attacks targeted individuals, government, financial, and IT organizations in various countries Kaspersky solutions were able to block the identified attacks as they occurred Background On February 2, 2026, the developers of Notepad++, a popular text editor among developers, published a statement claiming t
