Contact
Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Cybersecurity is about sharing. Recognize the risk,
combat it, share your experiences, and encourage others
to do better than you.
Banner Mobile
Banner Ancharia Desktop 1 1
Notepad++ Vulnerability Fixed: Update to 8.8.9 to Avoid Malware

Notepad++ Vulnerability Fixed: Update to 8.8.9 to Avoid Malware

11 December 2025 17:18

Notepad++ is often targeted by attackers because the software is popular and widely used. A recently discovered vulnerability in the open-source text and code editor Notepad++ could allow attackers to hijack network traffic, hijack the update process, and install malware on affected computers . This flaw has now been fixed in Notepad++ version 8.8.9.

Users running older versions should immediately run a thorough scan with reputable security software. Their systems may already be compromised; in more severe cases, a complete reinstallation may be the only reliable solution.

According to the developers, the Notepad++ update utility, WinGUp, could, under certain circumstances , be redirected to a malicious server, resulting in the download of a malicious executable file that can infect the system.

During the update process, WinGUp checks the version number and queries the https://notepad-plus-plus.org/update/getDownloadUrl[.]php endpoint. This endpoint generates an XML file that includes the download URL, which the updater retrieves and executes from the %TEMP% directory. Any adversary capable of intercepting and modifying this traffic could alter the download URL, for example, replacing it with a link to a malicious payload.

Starting with version 8.8.7, Notepad++ has adopted a trusted GlobalSign digital certificate, eliminating the need for users to install a separate root certificate and significantly strengthening the application’s security.

Version 8.8.8 introduced the requirement that WinGUp use GitHub.com as the only download source, while the new version 8.8.9 further improves security by properly validating the downloaded file’s digital signature and certificate . If verification fails, the update process is aborted.

Developers have not yet determined exactly how the traffic hijacking occurred, and further investigation is ongoing. However, existing evidence suggests that attackers have already exploited the vulnerability against specific targeted organizations.

Users are strongly recommended to update to at least version 8.8.8, although a direct update to version 8.8.9 is preferred . Since version 8.8.8 cannot detect the latest version, users should manually download version 8.8.9 from the official website.

Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.

  • #coding
  • #cybersecurity
  • Malware
  • notepad++
  • security patch
  • software security
  • Tech News
  • text editor
  • update
  • Vulnerability
Cropped RHC 3d Transp2 1766828557 300x300
The editorial staff of Red Hot Cyber is composed of IT and cybersecurity professionals, supported by a network of qualified sources who also operate confidentially. The team works daily to analyze, verify, and publish news, insights, and reports on cybersecurity, technology, and digital threats, with a particular focus on the accuracy of information and the protection of sources. The information published is derived from direct research, field experience, and exclusive contributions from national and international operational contexts.