The program is a free text and code editor that's been downloaded millions of times. The compromise began in June and is likely to have involved a Chinese state-sponsored group.

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by ...

Notepad++ improves security mechanisms and closes a new vulnerability that allows attackers to execute malicious code.

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.

The popular Notepad alternative was hijacked by bad actors for several months in 2025, but the latest update appears to solve the issue.

Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that ...

Notepad++ has been compromised in a sophisticated nation-state cyberattack. Learn about the security breach, the sophisticated methods used ...

Last year, the creator of Notepad++ rolled out an update for the text and source code editor after security experts reported that bad actors were hijacking its update mechanism to redirect traffic to ...

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...

Worried about the Notepad++ supply chain attack? Notepad++ 8.9.2 adds "Double-Lock" security to stop malware hijacking.

Security researchers believe that Chinese hackers are to blame for the attack in part because of the "selective" nature of ...

Notepad++ update servers were compromised for 6 months in 2025. Learn how the Chrysalis backdoor targeted users and why you must manually update to version 8.9.1 now.