Hosted on MSN

Notepad++ has allegedly been spying on targeted users after a malicious update got in

Malicious actors served fake Notepad++ updates via the official site from June to December 2025. Older Notepad++ versions lacked update verification, letting targets get malware—upgrade to v8.9.1.
HotHardware

Notepad++ Confirms Hackers Hijacked Update Infrastructure To Push Malware

Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled ...
Hosted on MSN

Notepad++ update service hijacked in targeted state-linked attack

A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author.… The admission comes after version 8.8.9 of the text editor was released on December ...
TechRadar

Notepad++ hit by suspected Chinese state-sponsored hackers - here's what we know so far

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Notepad++ targeted in sophisticated supply-chain style attack via compromised hosting server ...
Bleeping Computer

Notepad++ fixes flaw that let attackers push malicious update files

Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of ...