Notepad++ XML Feed
Posted: Sun, 15 Feb 2026 00:00:00 +0000
2026-02-16 “the XML returned by the update server is now signed (XMLDSig), and the certificate & signature verification will be enforced starting with upcoming v8.9.2, expected in about one month.” As promised in the announcement Notepad++ Hijacked by State-Sponsored Hackers, this release strengthens the weakest links in the Notepad++ update process. Below is an illustration of how the Notepad++ update mechanism was previously hijacked: With security enhancements introduced in v8. Continue reading at the publisher's website.
Posted: Sat, 14 Feb 2026 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Mon, 26 Jan 2026 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Sat, 27 Dec 2025 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Mon, 08 Dec 2025 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Mon, 08 Dec 2025 00:00:00 +0000
2025-12-09 Some security experts recently reported incidents of traffic hijacking affecting Notepad++. According to the investigation, traffic from WinGUp (the Notepad++ updater) was occasionally redirected to malicious servers, resulting in the download of compromised executables. The review of the reports led to the identification of a weakness in the way the updater validates the integrity and authenticity of the downloaded update file. If an attacker is able to intercept the network traffic between the updater client and the Notepad++ update infrastructure, this weakness can be leveraged to prompt the updater to download and execute an unwanted binary (instead of the legitimate Notepad++ update binary). Continue reading at the publisher's website.
Posted: Tue, 18 Nov 2025 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Sat, 18 Oct 2025 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Thu, 02 Oct 2025 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Thu, 02 Oct 2025 00:00:00 +0000
2025-10-07 CVE-2025-56383 is one of the most absurd entries we’ve ever seen in the National Vulnerability Database. It’s misclassified under CWE-427: Uncontrolled Search Path Element. Yet the provided POC shows no connection to CWE-427. Notepad++ & its plugins are installed by default in the protected “Program Files” directory, requiring administrator privileges to modify. If an attacker already has those rights, they could replace any system file - so targeting a plugin is pointless. Continue reading at the publisher's website.
Posted: Wed, 13 Aug 2025 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Sat, 09 Aug 2025 00:00:00 +0000
Continue reading at the publisher's website.
Posted: Sat, 09 Aug 2025 00:00:00 +0000
2025-08-12 There is a critical regression in release v8.8.4. Please use v8.8.5 instead. Continue reading at the publisher's website.
Posted: Fri, 04 Jul 2025 00:00:00 +0000
Continue reading at the publisher's website.