The Verge

Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links

Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. Bad actors could use the flaw to remotely load and execute malicious files on a victim’s computer. is ...
PC World

Windows Notepad is now complex enough to have a serious security flaw

PCWorld reports that Windows Notepad’s new Markdown support feature has introduced a serious remote code execution vulnerability with a high CVSS score of 8.8/7.7. The security flaw allows malicious ...
TechRadar

Microsoft patches concerning Windows 11 Notepad security flaw - Markdown issues could have let hackers slip in malware without warning

Microsoft patches Windows 11 Notepad RCE flaw CVE-2026-20841 Vulnerability exploited Markdown links to execute malicious code with user permissions Patch Tuesday update fixes issue; versions 11.2510 ...
Windows Central

Windows 11 locked me out of Notepad via Microsoft Account bugs — is the 'Thin Client' era ruining my 27 blissful years of PCs?

I don't want people to switch away from Windows; I want Microsoft to treat its premier operating system like it used to. When you purchase through links on our site, we may earn an affiliate ...
Ars Technica

Notepad++ users take note: It’s time to check if you’re hacked

Infrastructure delivering updates for Notepad++—a widely used text editor for Windows—was compromised for six months by suspected China-state hackers who used their control to deliver backdoored ...
PC World

Hijacked Notepad++ updater quietly targeted users for months

PCWorld reports that Notepad++’s WinGUp update system was compromised between June and December 2025, delivering malware through corrupted executables to targeted users. While the popular text editor ...
TechCrunch

Notepad++ says Chinese government hackers hijacked its software updates for months

The developer of the popular open source text editor Notepad++ has confirmed that hackers hijacked the software to deliver malicious updates to users over the course of several months in 2025. In a ...
The Verge

Notepad++ updates got hijacked for months and could have spied for China

The app’s servers were compromised from June through December 2025. The app’s servers were compromised from June through December 2025. is a news writer covering all things consumer tech. Stevie ...
ExtremeTech

Notepad++ Says Chinese-State Hackers Spent Half a Year Hijacking Its Software Updates

Don Ho, the programmer behind the popular Windows text and source code editor Notepad++, says Chinese government hackers spent half a year hijacking the tool's software updates. The state-sponsored ...
HotHardware

Notepad++ Confirms Hackers Hijacked Update Infrastructure To Push Malware

Notepad++ reported that its built-in auto-update feature had been hijacked by Chinese state-sponsored hackers from June to September of 2025, and the credentials gathered by the bas actors enabled ...
Dark Reading

Chinese Hackers Hijack Notepad++ Updates for 6 Months

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...