The Hacker News

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] ...
Ubuntu

Notepad++ 8.9.2 Introduces “Double-Lock” Security to Fix the Update Hijack

Software updates usually keep us safe, but what happens when hackers hijack the update process itself? This is exactly what happened to Notepad++ during a sophisticated attack in 2025. To solve this, ...
theregister

Notepad++ update service hijacked in targeted state-linked attack

A state-sponsored cyber criminal compromised Notepad++'s update service in 2025, according to the project's author. The admission comes after version 8.8.9 of the text editor was released on December ...
SecurityWeek

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

The likely state-sponsored threat actor had access to the hosting provider for months and targeted only certain Notepad++ customers. Notepad++ on Monday shared additional details on the supply chain ...
GIGAZINE

Notepad++ was hijacked by state-sponsored hackers to distribute malware installers

There has been a continuing problem where traffic from WinGUp, an updater for the text editor Notepad++, was being redirected to malicious domains and distributing malware, and it has now been ...
Ars Technica

Notepad++ users take note: It’s time to check if you’re hacked

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...