**Notepad++ Compromised by "State-Sponsored Hackers" - What You Need to Do If You Use the Popular Notepad Alternative**

Breaking News: One of the most popular alternatives to the native Notepad app in Windows 11, Notepad++, has fallen victim to a security breach at the hands of state-sponsored hackers.

A recent security disclosure published on the Notepad++ website reveals that the app was "hijacked" by malicious actors who exploited an infrastructure-level vulnerability. According to the post, security experts discovered that malicious actors were intercepting and redirecting update traffic destined for notepad-plus-plus.org, allowing them to push "malicious update manifests" to targeted users.

The Notepad++ team is confident that the vulnerability occurred through server hosting rather than the app's coding. The methods used by the attackers are still being investigated internally, but it appears that only certain users were targeted by a "redirect to attacker-controlled" servers. There's no indication as to how many users were affected.

Allegations point to a Chinese state-sponsored group of bad actors, with the hack beginning in June 2025 and continuing until September 2, 2025. However, it appears that the attackers continued to hold credentials granting access to internal services for a further three months, ending on December 2, 2025.

The Notepad++ team notes that the attackers specifically targeted the Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++. To address this vulnerability, the provider implemented remediation and security hardening by December 2, 2025, successfully blocking further attacker activity.

As part of the process, Notepad++'s website has been moved to a new host with stronger security. The app's updater was also enhanced in version v8.8.9 to verify both the certificate and the signature of the downloaded installer. This update was released just before Christmas 2025, but it's clear that this should have been implemented sooner.

The Notepad++ team leaves a message at the bottom of the latest post offering an apology while urging users to download version 8.9.1 and install it manually to receive the new security enhancements. With the native Windows Notepad app getting increasingly cluttered with AI features, you might want to consider switching to an alternative like Legacy Notepad, an open-source and free option available on GitHub.

What do you think? Do you use Notepad++ or stick with the native Notepad app?

**What You Need to Do:**

1. Download version 8.9.1 of Notepad++ 2. Install it manually 3. Verify that your Notepad++ updater is enhanced to verify both the certificate and signature of downloaded installers

Stay up-to-date with all the latest news, reviews, and guides for Windows and Xbox enthusiasts by following us on Google News.

**By Cale Hunt, Windows Central**

With over nine years of experience writing about laptops, PCs, accessories, games, and beyond, Cale brings a wealth of knowledge to our readers. If it runs Windows or complements the hardware in some way, he's likely written about it or is already testing it.