{"id":209351,"date":"2026-02-02T08:19:00","date_gmt":"2026-02-02T13:19:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/02\/notepad-patches-update-chain-after-targeted-compromise-the-register\/"},"modified":"2026-02-02T20:05:10","modified_gmt":"2026-02-03T01:05:10","slug":"notepad-patches-update-chain-after-targeted-compromise-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/02\/notepad-patches-update-chain-after-targeted-compromise-the-register\/","title":{"rendered":"Notepad++ patches update chain after targeted compromise \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/02\/notepad_plusplus_intrusion\/\">Notepad++ patches update chain after targeted compromise \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/02\/notepad_plusplus_intrusion\/\">https:\/\/www.theregister.com\/2026\/02\/02\/notepad_plusplus_intrusion\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-02 08:19:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>A state-sponsored cyber criminal compromised Notepad++&#8217;s update service in 2025, according to the project&#8217;s author.<\/p>\n<p>The admission comes after version 8.8.9 of the text editor was released on December 9. The &#8220;hardened&#8221; version verified the signature and certificate of downloaded installers during the update process. On December 27, version 8.9 was released, which dropped the use of a self-signed certificate. The project said: &#8220;Only the legitimate certificate issued by GlobalSign is now used to sign Notepad++ release binaries. We strongly recommend that users who previously installed the self-signed root certificate remove it.&#8221;<\/p>\n<p>Today, in a post titled &#8220;Notepad++ Hijacked by State-Sponsored Hackers,&#8221; Notepad++ confirmed the app had fallen victim to miscreants.<\/p>\n<p>The exact details of the mechanism used in the exploit remain under investigation, but the problem stems from a compromised hosting server and inadequate update verification controls in older versions of the editor. According to a Notepad++:<\/p>\n<p>&#8220;Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.&#8221;<\/p>\n<p>The incident began in June, according to Notepad++. The shared hosting service was compromised until September 2, and even after losing access, the attackers retained credentials for internal services until December 2. While investigations indicate the attack ended on November 10, Notepad++&#8217;s author wrote: &#8220;I estimate the overall compromise period spanned from June through December 2, 2025, when all attacker access was definitively terminated.&#8221;<\/p>\n<p>Security researcher Kevin Beaumont noted something was afoot on December 2. &#8220;I&#8217;ve heard from 3 orgs now who&#8217;ve had security incidents on boxes with Notepad++ installed, where it appears Notepad++ processes have spawned the initial access. These have resulted in&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/02\/notepad_plusplus_intrusion\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Notepad++ patches update chain after targeted compromise \u2022 The Register https:\/\/www.theregister.com\/2026\/02\/02\/notepad_plusplus_intrusion\/ Publish Date: 2026-02-02 08:19:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":209352,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2023\/06\/22\/shutterstock_please_explain.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31],"class_list":["post-209351","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209351"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=209351"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209351\/revisions"}],"predecessor-version":[{"id":209353,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/209351\/revisions\/209353"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/209352"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=209351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=209351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=209351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}