Over the course of nearly 300 posts, Jonathan Bennett set a very high bar for this column, so we knew it needed to be placed in the hands of somebody who could do it justice.

Notepad++ has adopted a “double-lock” design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise. The new mechanism landed in Notepad++ ...

Software updates usually keep us safe, but what happens when hackers hijack the update process itself? This is exactly what happened to Notepad++ during a sophisticated attack in 2025. To solve this, ...

Kaspersky Global Research and Analysis Team (GReAT) researchers have discovered that attackers behind the Notepad++ supply chain compromise targeted a government organization in the Philippines, a ...

A Chinese-linked cyberespionage group with a long history hijacked ⁠the update process for the popular code editing platform Notepad++ to deliver a custom backdoor and other malware to targeted users, ...

Between June and December 2025, a sophisticated supply chain attack targeted the official update system of Notepad++. This incident allowed attackers to deliver spyware to specific users by hijacking ...

When affected users checked for updates inside Notepad++, their requests to getDownloadUrl.php were silently redirected. Instead of receiving legitimate update information, they were sent altered XML ...

Notepad++, a popular text and source code editor, has revealed that its update system was hijacked in a targeted cyberattack. The breach, which is believed to have been carried out by state-sponsored ...

There has been a continuing problem where traffic from WinGUp, an updater for the text editor Notepad++, was being redirected to malicious domains and distributing malware, and it has now been ...

A new cybersecurity report has revealed that hackers exploited the Notepad++ updater to conduct a months-long targeted cyberattack against select users, raising fresh concerns over software ...

The developer of Notepad++ has reportedly noted that its software update mechanism was covertly hijacked for several months last year, with evidence suggesting the operation was carried out by a ...