

Ethical Hacking News

A Sinister Shadow Looms Over the World of Notepad++: A Gripping Tale of Hijacked Updates and Cybersecurity Threats



Notepad++ users may have unknowingly downloaded a malicious update for the app after its shared hosting servers were hijacked last year. A recent post by the developer reveals that the hackers were likely a Chinese state-sponsored group, and that the app's servers were vulnerable for roughly six months from June through December 2nd, 2025. Users who failed to update their software in a timely manner may have left themselves vulnerable to this malicious attack.

  • Notepad++ was compromised by hackers for six months starting in June 2025.
  • Malicious updates could have granted remote access to users' keyboards, capturing sensitive information.
  • The attack targeted specific individuals or organizations with interests in East Asia.
  • Users who failed to update their software may have been left vulnerable to the malicious attack.
  • The developer has updated the updater with stronger security features to prevent similar attacks.
  • Users should run version 8.8.9 or later and download updates from the official Notepad++ website.
  • Be cautious of suspicious activity from "gup.exe" and check for malicious files in TEMP folders.



    In a revelation that has sent shockwaves through the cybersecurity community, it has come to light that the text and code editor Notepad++ was compromised by hackers for six months. The attack, which began in June 2025 and continued until December 2nd of the same year, left many users vulnerable to malicious updates that could have potentially granted hackers remote access to their keyboards.

    According to a detailed post by Don Ho, the developer of Notepad++, the hijacking occurred at the app's hosting provider, which was not named. The attack involved highly selective targeting, with certain users being redirected away from the legitimate Notepad++ website and towards attacker-controlled servers that served malicious update manifests. It is estimated that the hackers were able to selectively target specific individuals or organizations with interests in East Asia.

    The malicious updates, which were distributed through the app's updater, contained executable files that could potentially be used to gain remote access to a user's keyboard. This would have allowed the hackers to capture sensitive information, including login credentials and other personal data. The attack was so sophisticated that it is believed that the hackers were able to selectively target specific individuals or organizations, rather than simply compromising the app for mass exploitation.

    The incident highlights the importance of regular software updates and the need for users to be vigilant when it comes to downloading and installing new versions of their favorite apps. Notepad++ users who failed to update their software in a timely manner may have left themselves vulnerable to this malicious attack.

    In response to the attack, Don Ho has taken steps to strengthen the security measures in place for the app's updater. The developer has updated the updater itself with stronger security features, including checks for tampering and verification of updates to ensure that they are legitimate.

    Users of Notepad++ are advised to take immediate action to protect themselves from this malicious attack. According to Kevin Beaumont, a prominent cybersecurity expert, users should make sure that they are running at least version 8.8.9 of the app, which addresses the vulnerabilities exploited by the hackers. Users are also advised to download updates directly from the Notepad++ website and to double-check that they are not using an unofficial version of the app.

    Furthermore, Kevin Beaumont has warned users to be on the lookout for suspicious activity from "gup.exe," the app's updater, and to check their TEMP folders for a malicious "update.exe" or "AutoUpdater.exe" file. This is crucial advice for users who wish to protect themselves from further exploitation.
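
    The checks described above (version 8.8.9 or later, "update.exe" or "AutoUpdater.exe" in TEMP folders, activity from "gup.exe") can be scripted for triage. The PowerShell below is an added example, not code from the Notepad++ project or from Kevin Beaumont; it assumes the default install paths and that the executable's file-version resource carries the release number, and the function names are hypothetical.

```powershell
# Added triage example (not Notepad++ project code). Assumptions: default install
# paths, and a file-version resource that matches the release number.
$Minimum = [version]'8.8.9'
$Exes = @("$env:ProgramFiles\Notepad++\notepad++.exe",
          "${env:ProgramFiles(x86)}\Notepad++\notepad++.exe")

function Get-NppVersionStatus {          # hypothetical helper name
    param([string[]]$Path, [version]$Minimum)
    foreach ($exe in $Path) {
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $vi = (Get-Item -LiteralPath $exe).VersionInfo
        # Use the numeric parts; the FileVersion string may be formatted differently.
        $found = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
        [pscustomobject]@{ Path = $exe; Version = $found; AtLeastMinimum = ($found -ge $Minimum) }
    }
}

function Find-SuspectTempFile {          # hypothetical helper name
    param([string[]]$Root, [string[]]$Name = @('update.exe', 'AutoUpdater.exe'))
    Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $Name -contains $_.Name } |      # -contains is case-insensitive
        Sort-Object FullName -Unique |                  # roots may overlap
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            }
        }
}

function Get-GupChildProcess {           # hypothetical helper name
    # Snapshot of anything currently running with gup.exe as its parent.
    foreach ($gup in Get-CimInstance Win32_Process -Filter "Name = 'gup.exe'") {
        Get-CimInstance Win32_Process -Filter "ParentProcessId = $($gup.ProcessId)" |
            Select-Object ProcessId, Name, ExecutablePath, CommandLine
    }
}

# Current user's TEMP plus every profile's TEMP (the latter needs an elevated shell).
$TempRoots = @($env:TEMP, "$env:SystemDrive\Users\*\AppData\Local\Temp")

Get-NppVersionStatus -Path $Exes -Minimum $Minimum | Format-Table -AutoSize
Find-SuspectTempFile -Root $TempRoots | Format-List
Get-GupChildProcess | Format-Table -AutoSize
```

    An empty result only shows that these file names and child processes are not present at the time of the scan; any hit should be preserved with its hash and creation time for further investigation.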

    The incident also raises questions about the cybersecurity practices of Don Ho, the developer of Notepad++. In 2019, Don Ho released an update that criticized the Chinese government in what was described as a "Free Uyghur" edition. The developer claimed that his website had faced DDoS attacks in response to this move.

    The incident highlights the complexities and challenges of cybersecurity in today's world. As technology continues to evolve at breakneck speed, it is essential for developers, users, and governments to work together to protect against these types of threats.

    In conclusion, the hijacking of Notepad++ updates is a stark reminder of the importance of vigilance when it comes to cybersecurity. Users must take immediate action to protect themselves from this malicious attack, while developers like Don Ho must continue to prioritize security and transparency in their software development practices.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Sinister-Shadow-Looms-Over-the-World-of-Notepad-A-Gripping-Tale-of-Hijacked-Updates-and-Cybersecurity-Threats-ehn.shtml

  • https://www.theverge.com/tech/872462/notepad-plus-plus-server-hijacking

  • https://www.securityweek.com/notepad-patches-updater-flaw-after-reports-of-traffic-hijacking/

  • https://cybersecuritynews.com/notepad-vulnerability-exploited/


  • Published: Mon Feb 2 14:55:03 2026 by llama3.2 3B Q4_K_M












