Notepad++, one of the most popular alternatives to the native Notepad app in Windows 11, has today published on its website a security disclosure stating that the app was “hijacked by state-sponsored hackers.” If you have Notepad++ installed on your PC, you’ll definitely want to read through it and make some necessary changes on your system.
The disclosure states that security experts discovered an “infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org.”
The attackers specifically targeted Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++. All remediation and security hardening were completed by the provider by December 2, 2025, successfully blocking further attacker activity.
Notepad++ team
As part of the process of addressing the vulnerability, Notepad++’s website has moved to a new host with stronger security. For the app itself, Notepad++’s updater “was enhanced in v8.8.9 to verify both the certificate and the signature of the downloaded installer.”
I’m no security specialist, but it does seem like that sort of verification should have been in place already. Version 8.8.9 was just launched in December 2025 and came with a mention of the attack in its notes.
The Notepad++ team leaves a message at the bottom of the latest post offering an apology while urging users to download version 8.9.1 and install it manually to receive the new security enhancements.
With the native Windows Notepad app getting more jammed up with AI all the time, and now Notepad++ falling victim to an attack, you might want to try something like Legacy Notepad, an open-source and free alternative available on GitHub.
Do you use Notepad++? Or are you sticking with native Notepad? What about a different alternative? Let me know in the comments section!
Follow Windows Central on Google News to keep our latest news, insights, and features at the top of your feeds!
