The National Institute of Standards and Technology Feb. 2 published details on a critical vulnerability that impacted Notepad++, a free, open-source text and source code program widely used by several ...

Notepad++ released version 8.8.9 in December, which checks digital signatures and certificates before installing any updates.

Some Notepad++ users were redirected to malicious servers last year. Now, its developer says they were targeted by Chinese ...

It's believed that, between June and November 10/December 2, 2025 (independent security experts and its hosting provider ...

The hosting provider's compromise allowed attackers to deliver malware through tainted software updates for six months.

Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates, fixed in v8.8.9 ...

The program is a free text and code editor that's been downloaded millions of times. The compromise began in June and is ...

Notepad++ is a favorite of programmers and other power users, but its auto-update function was compromised for months in 2025 ...

Attackers had specifically delivered malware to systems using the Notepad++ updater. Investigations point to state actors.

Notepad++ has shared additional details on the supply chain attack carried out by Chinese state-sponsored hackers via a ...

State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.

Engineers are now focusing on performance, reliability, and the overall Windows experience. is a senior editor and author of Notepad, who has been covering all things Microsoft, PC, and tech for over ...