Notepad++ has been around for quite some time now, and for good reason. It is a free (as in freedom) and open source text editor that's lightweight in nature. Developers, sysadmins, and anyone else who works with code or plain text on Windows has most likely used it at some point.
I say Windows because it is still not available on Linux, even after 22 years since its initial release, though you can run it via an unofficial Snap that uses Wine under the hood.
Unfortunately, there's some concerning news that you should take note of if you have it installed.
What's Happened?
The update infrastructure of Notepad++ was compromised.
The attack did not come from a flaw in Notepad++ itself. It started with the hosting provider, who ran the server handling Notepad++'s update system (WinGup).
Back in June 2025, attackers broke into that shared hosting server and got themselves inside the update infrastructure. From there, they could intercept update requests and quietly redirect users to their own servers.
This went on for months, but the attackers lost direct access to the server in early September after a routine maintenance update kicked them out. But they had already grabbed credentials to the hosting provider's internal services and used those to keep the redirection going all the way until December 2, 2025.
The targeting was not random either. Many security researchers have traced the attack to what they believe is a Chinese state-sponsored group. Moreover, only certain users were deliberately targeted.
The attack has since been effectively shut down, with the hosting provider patching the vulnerabilities, changing out all the compromised credentials, and Notepad++ moving to a new hosting provider.
The Fix
It is quite simple, actually. If you are an existing user, then you can download Notepad++ v8.9.1 (or later), which includes the necessary security fixes. You will have to manually update though.
That release comes with many other improvements too, like macro and search bug fixes, better syntax highlighting for Perl, new Function List support for Nim, and a better Find dialog that now flags invisible characters.
Suggested Read π: Best Notepad++ Alternatives For Linux
Abhishek Prakash
