
Notepad++ has been around for quite some time now, and for good reason. It is a free (as in freedom) and open source text editor that’s lightweight in nature. Developers, sysadmins, and anyone else who works with code or plain text on Windows have most likely used it at some point.

I say Windows because it is still not available on Linux, even after 22 years since its initial release, though you can run it via an unofficial Snap that uses Wine under the hood.

Unfortunately, there’s some concerning news that you should take note of if you have it installed.

What’s Happened?

The update infrastructure of Notepad++ was compromised.

The attack did not come from a flaw in Notepad++ itself. It started with the hosting provider, who ran the server handling Notepad++’s update system (WinGup).

Back in June 2025, attackers broke into that shared hosting server and got themselves inside the update infrastructure. From there, they could intercept update requests and quietly redirect users to their own servers.

This went on for months, but the attackers lost direct access to the server in early September after a routine maintenance update kicked them out. But they had already grabbed credentials to the hosting provider’s internal services and used those to keep the redirection going all the way until December 2, 2025.

The targeting was not random either. Many security researchers have traced the attack to what they believe is a Chinese state-sponsored group. Moreover, only certain users were deliberately targeted.

The attack has since been effectively shut down, with the hosting provider patching the vulnerabilities, changing out all the compromised credentials, and Notepad++ moving to a new hosting provider.

The Fix

It is quite simple, actually. If you are an existing user, then you can download Notepad++ v8.9.1 (or later), which includes the necessary security fixes. You will have to manually update though.

That release comes with many other improvements too, like macro and search bug fixes, better syntax highlighting for Perl, new Function List support for Nim, and a better Find dialog that now flags invisible characters.

