Notepad++ Updates Compromised with Spyware (5 Viewers)

[isladogs]

Like me, many of you will probably be long time users of the very popular and free Notepad++ text editor.
In case you aren’t already aware, the hosting server used to deliver updates was compromised from June to Dec 2025 resulting in malicious spyware being installed on users’ computers. The issues have now been fixed, but all Notepad++ users should check and take appropriate action.

I’ve written a short article outlining the issues and action needed at Notepad++ Updates Compromised.
However, if you are a Notepad++ user, I strongly urge you to read the source article Notepad++ Supply Chain Attack Full Story for full details

Thanks to Peter Bryant who alerted all members of the UK Access User Group about the issues in the source article earlier today.

 

[RonPaii]

For years I have been going to Ninite.com to get tools like Notepad++
It gets the source from the original provider to install and update.

 

[isladogs]

In this case, I don't believe that would have helped as the update process was intercepted at the host.
Have you read the article?

 

[RonPaii]

In this case, I don't believe that would have helped as the update process was intercepted at the host.
Have you read the article?

Ninite does not use Notepad++'s update system, so the XML exploit is not triggered.

 

[isladogs]

Yes I understand that.
I may be wrong but my impression from reading the article was that any updates from the Notepad++ website itself were also intercepted as the hosting provider had been compromised
Personally I wouldn’t take the risk, no matter how you obtained any updates from June to Dec 2025.