Hosted on MSN

Notepad++ has allegedly been spying on targeted users after a malicious update got in

Malicious actors served fake Notepad++ updates via the official site from June to December 2025. Older Notepad++ versions lacked update verification, letting targets get malware—upgrade to v8.9.1.
Dark Reading

When Auto-Updates Become Attack Paths

In light of the recent compromise of Notepad++'s update mechanisms, it is worth examining a common pattern in enterprise environments: the belief that using an application’s internal update mechanisms ...
Dark Reading

Chinese Hackers Hijack Notepad++ Updates for 6 Months

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...