Notepad++, one of the most popular alternatives to the native Notepad app in Windows 11, has today published on its website a security disclosure stating that the app was "hijacked by state-sponsored ...

The popular open-source text editor Notepad++ was targeted in a sophisticated supply chain attack that allowed Chinese state-sponsored hackers to deliver malware through compromised software updates, ...

Malicious actors served fake Notepad++ updates via the official site from June to December 2025. Older Notepad++ versions lacked update verification, letting targets get malware—upgrade to v8.9.1.

Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. The new mechanism landed in Notepad++ ...

Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled ...

The developer of Notepad++ has reportedly noted that its software update mechanism was covertly hijacked for several months last year, with evidence suggesting the operation was carried out by a ...

Notepad++ targeted in sophisticated supply-chain style attack via compromised hosting server Attackers delivered tainted updates to select victims, exploiting weak update verification controls Breach ...

There has been a continuing problem where traffic from WinGUp, an updater for the text editor Notepad++, was being redirected to malicious domains and distributing malware, and it has now been ...

Notepad++ update process hijacked for targeted cyberespionage Cybersecurity firm Rapid7 links attack to Chinese group Lotus Blossom China denies involvement, citing lack of evidence Feb 2 (Reuters) - ...