Notepad++ users who ran older versions or had auto-updates enabled may have been targeted by state-sponsored hackers between June and December 2025, which compromised the update process and delivered malicious installers. Signs of compromise include unusual update dialog pop-ups, mismatched version numbers, and larger installer sizes, prompting users to check their installation for vulnerabilities. To mitigate risks, users should download Notepad++ 8.9.1 from the official site, verify its digital signature, disable auto-updates, and change any credentials if they used shared hosting. The new version enhances security by signing the XML update manifest and verifying the certificate chain, helping to prevent future attacks

Notepad++ Hijacked by State‑Sponsored Hackers

Notepad++ users who ran older versions or had auto-updates turned on may have been affected by a state-sponsored hacking incident in June-December 2025, which compromised the updater by redirecting requests to malicious mirrors serving unsigned installers. To identify if your installation was hit, look for unusual update dialog pop-ups with mismatched version numbers and larger installer sizes than usual. Immediate actions include downloading Notepad++ 8.9.1 from the official site, verifying its signature using the Digital Signatures tab, disabling auto-updates, and running the installer as Administrator to enforce TLS certificate validation. Additionally, if you're using a shared hosting environment, change your FTP/SFTP, SSH, and MySQL passwords immediately due to potential credential theft during the hack.

Notepad++ Hijacked by State‑Sponsored Hackers @ NT Compatible