Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The Hacker News by The Hacker News
February 2, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananFeb 02, 2026Threat Intelligence / Malware

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility’s update mechanism to redirect update traffic to malicious servers instead.

“The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org,” developer Don Ho said. “The compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself.”

The exact mechanism through which this was realized is currently being investigated, Ho added.

The development comes a little over a month after Notepad++ released version 8.8.9 to address an issue that resulted in traffic from WinGUp, the Notepad++ updater, being “occasionally” redirected to malicious domains, resulting in the download of poisoned executables.

Cybersecurity

Specifically, the problem stemmed from the way the updater verified the integrity and authenticity of the downloaded update file, allowing an attacker who is able to intercept network traffic between the updater client and the update server to trick the tool into downloading a different binary instead.

It’s believed this redirection was highly targeted, with traffic originating from only certain users routed to the rogue servers and fetching the malicious components. The incident is assessed to have commenced in June 2025, more than six months before it came to light.

Independent security researcher Kevin Beaumont revealed that the flaw was being exploited by threat actors in China to hijack networks and deceive targets into downloading malware. In response to the security incident, the Notepad++ website has been migrated to a new hosting provider.

“According to the former hosting provider, the shared hosting server was compromised until September 2, 2025,” Ho explained. “Even after losing server access, attackers maintained credentials to internal services until December 2, 2025, which allowed them to continue redirecting Notepad++ update traffic to malicious servers.”



Source link

The Hacker News

The Hacker News

Next Post
AWS launches M8a, R8a, and C8a instances: Up to 30% performance boost

AWS launches M8a, R8a, and C8a instances: Up to 30% performance boost

Recommended.

Here’s why banks don’t want the CFPB to disappear

Here’s why banks don’t want the CFPB to disappear

March 10, 2025
Here Are What 20 MSP 500 Executives See As The Biggest Challenges To Their Business In 2026

Here Are What 20 MSP 500 Executives See As The Biggest Challenges To Their Business In 2026

February 17, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
OpenTable Launches All-in-One Marketplace for Private and Group Dining

OpenTable Launches All-in-One Marketplace for Private and Group Dining

September 16, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio