The Notepad++ open source project has disclosed new details about a supply chain compromise that impacted its update delivery infrastructure between June and December 2025.

ArcticWolf's platform is a central hub for cybersecurity professionals, offering insights into managed detection and response (MDR), threat intelligence, and security operations. Through articles, reports, and webinars, ArcticWolf offers insights into detecting and responding to cybersecurity threats effectively. Security analysts can learn about threat hunting, incident response strategies, and security best practices to protect organizations from cyberattacks.

Arctic Wolf

Notepad++ disclosed a supply chain attack from June to December 2025 where state-sponsored threat actors linked to China compromised a third-party hosting provider to selectively redirect update requests from high-value targets to malicious servers. The attackers exploited insufficient verification controls in the WinGUp auto-updater (versions 8.8.9 and earlier) to deliver malware. The issue was fully resolved in December 2025 with version 8.8.9, which enforced mandatory certificate and digital signature verification. Users should manually update to version 8.8.9 or later from the official website and avoid using the legacy auto-updater.

Notepad++ 2025 Compromise

Manually Update to a Safe Notepad++ Version