Bleeping Computer

Notepad++ fixes flaw that let attackers push malicious update files

Notepad++ version 8.8.9 was released to fix a security weakness in its WinGUp update tool after researchers and users reported incidents in which the updater retrieved malicious executables instead of ...
Hosted on MSN

Notepad++ update service hijacked in targeted state-linked attack

A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author.… The admission comes after version 8.8.9 of the text editor was released on December ...
Dark Reading

When Auto-Updates Become Attack Paths

In light of the recent compromise of Notepad++'s update mechanisms, it is worth examining a common pattern in enterprise environments: the belief that using an application’s internal update mechanisms ...
CSOonline

Notepad++ author says fixes make update mechanism ‘effectively unexploitable’

The recently compromised update mechanism for the popular open source text editor Notepad ++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author. Don Ho made the ...
Dark Reading

Chinese Hackers Hijack Notepad++ Updates for 6 Months

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...