Notepad++ Updates Delivered Malware After Hosting Provider Breach

A months-long breach allowed Chinese State-sponsored hackers to hijack Notepad++ updates in 2025, exposing users to malware via a compromised hosting provider.

For years, Notepad++ has been one of those tools people install without a second thought. It is lightweight, free, and trusted by IT administrators, developers, students, and security researchers. That trust is exactly what made the latest disclosure around its update system so serious.

In a detailed statement published alongside the v8.8.9 release, Notepad++ maintainer Don Ho confirmed today that the software’s update infrastructure had been compromised through its former hosting provider.

The breach did not take place due to vulnerabilities in Notepad++‘s code itself. It involved attackers gaining control at the hosting level, allowing them to intercept update traffic and redirect selected users to attacker-controlled servers that served malicious binaries.

According to combined findings by NotePad++ and the hosting provider, the initial breach ...