Notepad++ update hijack tied to state-backed actors, researchers say
Notepad++’s updater was compromised in mid-2025, with attackers redirecting update traffic to malicious servers and exploiting weak verification in older versions. The campaign appeared targeted and persisted for months, with access lasting until December 2025. Official hashes/signatures were later published to help users verify installs. Users are urged to verify binaries against SHA-256 hashes, upgrade to patched releases (8.8.7+), and consider disabling auto-updates if unsure.