CATEGORIES
home News

Notepad++ Confirms Hackers Hijacked Update Infrastructure To Push Malware

by Chris HarperMonday, February 02, 2026, 04:01 PM EDT
hero notepad++ exploit
Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled further exploits until December 2nd, 2025. In an effort to thwart similar issues moving forward, Notepad++ has moved to a hosting provider "with significantly stronger security practices", which has been in place since Notepad++ version 8.8.9. For users who happened to follow an auto-update prompt or started one through Notepad++ within the vulnerable timeframe though, you'll very much want to scan your system for malware.

content notepad plus exploit
Notepad++'s updater usually pops up, but users can also prompt it by selecting the "?" dropdown in the taskbar.

For existing Notepad++ users, developers advise manually installing version v.8.9.1, which includes a secured WinGup updater for improved security, instead of auto-updating through your current version. As a Notepad++ user myself, I was able to install the new version of Notepad++ over my old installation without issue, and my system scanned clean before and after doing so. Notepad++ mentions that the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself, but the application still received the aforementioned security upgrades after being moved to a more secure provider in hopes of preventing the recurrence of something similar in the future.

This isn't the only time Notepad++ and its users have been targeted by cybercriminals, but last time it was through "notepad.plus", a "fan" site that was actually used to host malicious advertising and attempt to infect those looking for the legitimate Notepad++. This time the attack was more direct, though the full scale of harm done remains unknown. Similar to recent DarkSpectre stories, it does raise concerns about how existing auto-update infrastructure can be exploited, even against applications that seem or are legitimate. At least Notepad++ was informed of the breach by its old hosting provider and was able to move to a more secure host.

Image Credit: Gerd Altmann on Pixabay (header), Notepad++
Tags:  security, Software, cybersecurity, notepad++
Chris Harper

Chris Harper

Christopher Harper is a tech writer with over a decade of experience writing how-tos and news. Off work, he stays sharp with gym time & stylish action games.
TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment