If you used Notepad++’s built-in auto updater late last year, your system may be compromised.
Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled further exploits until December 2nd, 2025. In an effort to thwart similar issues moving forward, Notepad++ has moved to a hosting provider „with significantly stronger security practices“, which has been in place since Notepad++ version 8.8.9. For users who happened to follow an auto-update prompt or started one through Notepad++ within the vulnerable timeframe though, you’ll very much want to scan your system for malware.
