Notepad++ Hijacked by State-Sponsored Hackers
According to the former hosting provider, the shared hosting server was compromised until September 2, 2025. Even after losing server access, attackers maintained credentials to internal services until December 2, 2025, which allowed them to continue redirecting Notepad++ update traffic to malicious servers. The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++. All remediation and security hardening were completed by the provider by December 2, 2025, successfully blocking further attacker activity. […]
I deeply apologize to all users affected by this hijacking. I recommend downloading v8.9.1 (which includes the relevant security enhancement) and running the installer to update your Notepad++ manually.