Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by ...

The cybersecurity community is still grappling with a sobering realization: one of the most ubiquitous tools in the developer’s toolkit, Notepad++, was hiding a critical vulnerability for over six ...

State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.

Notepad++ targeted and used to deliver poisoned updates to a select group of victims.

The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software update mechanism to deliver tainted software to users for months.

Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that ...

Notepad++ 8.9.2 fixes update hijack exploited to deliver malware, patches RCE flaw, and hardens WinGUp security.

Notepad++ improves security mechanisms and closes a new vulnerability that allows attackers to execute malicious code.

CISA has expanded its KEV catalog with new SolarWinds, Notepad++, and Apple flaws, including two exploited as zero-days.

The Notepad++ supply chain compromise is the latest proof that sophisticated adversaries are deliberately targeting the gap between two disciplines: Vulnerability management and detection and response ...

TL;DR: Notepad++ was compromised for six months, but it wasn't the software itself which the exploit leveraged, but its hosting provider. An investigation into the attack has just been concluded with ...