From June to Dec 2025, attackers (likely Chinese state-sponsored, e.g. Lotus Blossom) compromised the old hosting provider. They selectively hijacked update traffic for targeted users, redirecting some to malicious installers delivering backdoors like Chrysalis.
Source code was NOT compromised. Issue fixed: migrated to secure hosting + stronger update verification (certificate + signature checks) in v8.8.9+ (enforced in v8.9.2+).
What to do NOW:
- Update to latest Notepad++ (v8.9.1 or newer) → download manually from https://notepad-plus-plus.org or official GitHub
- Avoid auto-updates on old versions & third-party sources
- If you used auto-update during Jun-Dec 2025 (esp. if in targeted regions/orgs), scan your system thoroughly & watch for odd behavior
Full details: https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Better safe than sorry – update today! #Notepad++ #CyberSecurity #SupplyChainAttack”
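
A fleet triage of the checklist above, as an added example (not from the original post or the Notepad++ project): it classifies hosts by the version thresholds the post gives and flags auto-updates dated inside the June to December 2025 window. The inventory columns, host names, versions and dates are constructed, and reading the window as whole calendar months is an assumption.

```python
import csv
import io
from datetime import date

# Thresholds from the post: checks added in v8.8.9, enforced from v8.9.2.
VERIFY_ADDED = (8, 8, 9)
VERIFY_ENFORCED = (8, 9, 2)
# Assumption: "June to Dec 2025" is read as whole calendar months.
WINDOW = (date(2025, 6, 1), date(2025, 12, 31))

# Constructed sample inventory (hypothetical hosts, versions and dates).
# An empty last_auto_update means no auto-update was recorded for the host.
SAMPLE = """host,version,last_auto_update
ws-001,v8.8.1,2025-09-14
ws-002,8.8.9,2025-11-30
ws-003,8.9.2,
ws-004,8.9,2026-01-10
ws-005,not-installed?,2025-07-01
"""

def parse_version(text):
    """Turn 'v8.9' or '8.8.9' into a tuple of ints; None if unparseable."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * max(0, 3 - len(nums)))

def triage(row):
    """Return the findings for one inventory row, in checklist order."""
    findings = []
    ver = parse_version(row["version"])
    if ver is None:
        findings.append("check-version-manually")
    elif ver < VERIFY_ADDED:
        findings.append("pre-8.8.9:no-update-verification")
    elif ver < VERIFY_ENFORCED:
        findings.append("pre-8.9.2:verification-not-enforced")
    stamp = row["last_auto_update"].strip()
    if stamp and WINDOW[0] <= date.fromisoformat(stamp) <= WINDOW[1]:
        findings.append("scan-host:auto-updated-in-window")
    return findings

def triage_inventory(text):
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, findings in triage_inventory(SAMPLE).items():
        print(host, findings or ["no-findings"])
```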

