A recent security incident involving the Notepad++ update infrastructure allowed attackers to intercept and redirect update traffic, delivering malicious software to selected users. This may result in unauthorized code execution on affected systems without the user’s knowledge.

Affected Systems and Versions:

• Windows Notepad++ installations prior to version 8.9.1

Security Risks

Successful exploitation of vulnerabilities in the Notepad++ update mechanism could allow attackers to deliver malicious software to targeted users, potentially resulting in unauthorized code execution, access to sensitive data, and full system compromise.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends the following actions:

• Manually update to Notepad++ version 8.9.1 from the official website: https://notepad-plus-plus.org/downloads/

• Verify the installer is signed by GlobalSign and shows “This digital signature is OK” in Windows.

• Only download and run installers from official sources; avoid unofficial websites or third-party downloads.

• Backup important files before updating to prevent potential data loss.

For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.

References

• Notepad++ Hijacked by State-Sponsored Hackers

• https://thehackernews.com/2026/02/notepad-hosting-breach-attributed-to.html

• Notepad++ Updates Hijacked in State-Sponsored Attack, Developers Respond

• Download Notepad++ v8.9.1 (stable: auto-update triggered)

• https://notepad-plus-plus.org/downloads/