2026-02-05
After the publication of “Notepad++ Hijacked by State-Sponsored Hackers”, we’ve received many questions from concerned users. Here’s what you need to know:
What Was Actually Compromised?
Notepad++ itself was NOT hacked. The issue was with the auto-updater component (WinGup), which was exploited through a compromise of our former hosting provider’s infrastructure. The Notepad++ application you’ve been using remains safe and secure.
Who Was Targeted?
This was a highly selective attack by a state-sponsored group targeting specific high-value organizations. Security researchers confirmed that the vast majority of Notepad++ users were never affected – attackers filtered victims based on strategic value, not random distribution.
For most users: Simply updating to the latest version is sufficient.
How to Protect Yourself
For Individual Users:
- Download and install Notepad++ v8.9.1 from the official website. The installer gives you the option to disable the auto-updater during installation if you desire.
- The latest version includes enhanced security that prevents this type of attack.
- No need to panic – if you weren’t a strategic target, you were likely never at risk.
- As always, maintain good password hygiene and security practices.
For Enterprise IT:
- Check for IoCs (Indicators of Compromise) provided by our former hosting provider, Rapid7 and Kaspersky.
- You can deploy the v8.9.1 MSI package without the auto-updater entirely:
  msiexec /i Notepad++.msi NOUPDATER=1
The security issue has been fully resolved. Update to the latest version and continue using Notepad++ with confidence.