Notepad++ Confirms Hackers Hijacked Update Infrastructure To Push Malware

Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled further exploits until December 2nd, 2025. In an effort to thwart similar issues moving forward, Notepad++ has moved to a hosting provider "with significantly stronger security practices", which has been in place since Notepad++ version 8.8.9. For users who happened to follow an auto-update prompt or started one through Notepad++ within the vulnerable timeframe though, you'll very much want to scan your system for malware.

For existing Notepad++ users, developers advise manually installing version v.8.9.1, which includes a secured WinGup updater for improved security, instead of auto-updating through your current version. As a Notepad++ user myself ...