Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that ...

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by ...

Notepad++ 8.9.2 fixes update hijack exploited to deliver malware, patches RCE flaw, and hardens WinGUp security.

TL;DR: Notepad++ was compromised for six months, but it wasn't the software itself which the exploit leveraged, but its hosting provider. An investigation into the attack has just been concluded with ...

Miscreants will need to find another avenue for malware shenanigans Notepad++ has continued beefing up security with a ...

There has been a continuing problem where traffic from WinGUp, an updater for the text editor Notepad++, was being redirected to malicious domains and distributing malware, and it has now been ...

A months-long supply chain attack that affected the Notepad++ update process has been linked to a compromise of shared hosting infrastructure rather than a flaw in the software's code. This according ...

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...

The program is a free text and code editor that's been downloaded millions of times. The compromise began in June and is likely to have involved a Chinese state-sponsored group.

Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today.