Notepad++
-
Notepad++ adds double-lock update verification in 8.9.2 after supply-chain compromise
Notepad++ 8.9.2 adds a double-lock update verification that checks a signed installer and a digitally signed update XML. The change follows a six-month compromise that redirected some updates starting in June 2025.
-
State actors hijacked Notepad++ updater to redirect users to malicious servers
Notepad++’s maintainer said attackers compromised hosting infrastructure to hijack the updater and redirect some users to malicious servers. The activity began in June 2025 and credentials persisted until December 2 2025.
-
High-Severity Vulnerability Discovered in Notepad++ Installer
A critical security vulnerability in the Notepad++ installer could allow attackers to gain SYSTEM-level privileges. Users are urged to be cautious and upgrade to the patched version as soon as it is available.
