Notepad++ has been released in version 8.9.2. The new version improves security mechanisms and closes a highly risky security vulnerability through which attackers can execute arbitrary code. In the ...

The recently compromised update mechanism for the popular open source text editor Notepad ++ has been hardened so it’s now ‘effectively unexploitable’, says the application’s author. Don Ho made the ...

PCWorld reports that Windows Notepad’s new Markdown support feature has introduced a serious remote code execution vulnerability with a high CVSS score of 8.8/7.7. The security flaw allows malicious ...

Last year, the creator of Notepad++ rolled out an update for the text and source code editor after security experts reported that bad actors were hijacking its update mechanism to redirect traffic to ...

TL;DR: Notepad++ was compromised for six months, but it wasn't the software itself which the exploit leveraged, but its hosting provider. An investigation into the attack has just been concluded with ...

The app’s servers were compromised from June through December 2025. The app’s servers were compromised from June through December 2025. is a news writer covering all things consumer tech. Stevie ...

Notepad++ update process hijacked for targeted cyberespionage Cybersecurity firm Rapid7 links attack to Chinese group Lotus Blossom China denies involvement, citing lack of evidence Feb 2 (Reuters) - ...

The developer of the popular open source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025. In a ...

PCWorld reports that Notepad++’s WinGUp update system was compromised between June and December 2025, delivering malware through corrupted executables to targeted users. While the popular text editor ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...

Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today.