Malicious actors served fake Notepad++ updates via the official site from June to December 2025. Older Notepad++ versions lacked update verification, letting targets get malware—upgrade to v8.9.1.

Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled ...

A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author.… The admission comes after version 8.8.9 of the text editor was released on December ...

Notepad++ targeted in sophisticated supply-chain style attack via compromised hosting server Attackers delivered tainted updates to select victims, exploiting weak update verification controls Breach ...

Last year, the creator of Notepad++ rolled out an update for the text and source code editor after security experts reported that bad actors were hijacking its update mechanism to redirect traffic to ...

Forbes contributors publish independent expert analyses and insights. Barry Collins is a tech journalist writing about PCs, Macs and games. The developer of the popular Windows app Notepad++ has ...

There has been a continuing problem where traffic from WinGUp, an updater for the text editor Notepad++, was being redirected to malicious domains and distributing malware, and it has now been ...

The app’s servers were compromised from June through December 2025. The app’s servers were compromised from June through December 2025. is a news writer covering all things consumer tech. Stevie ...