You can infect your PC with malware without ever leaving Notepad, thanks to recent updates and additions. Hooray.

There's a remote code execution vulnerability in Notepad which is leveraged via the recently introduced formatting abilities to make tables in the app.

According to Microsoft's release notes, the update fixes 25 elevation of privilege flaws, 12 remote code execution vulnerabilities, three denial of service vulnerabilities, five security feature ...

Notepad++ is a favorite of programmers and other power users, but its auto-update function was compromised for months in 2025 ...

Last year, the creator of Notepad++ rolled out an update for the text and source code editor after security experts reported ...

Remove the risk by never clicking on a random link ...

The hosting provider's compromise allowed attackers to deliver malware through tainted software updates for six months.

Today is Microsoft' 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly ...

State-backed attackers hijacked Notepad++ update traffic via a hosting provider breach, redirecting users to malicious downloads since June 2025.

As Chelsea heaped more misery on relegation favourites, Wolves, a milestone was marked for the new Chelsea boss. Liam ...

Rapid7 links China-linked Lotus Blossom to a 2025 Notepad++ hosting breach that delivered the Chrysalis backdoor via hijacked updates, fixed in v8.8.9 ...

Attackers had specifically delivered malware to systems using the Notepad++ updater. Investigations point to state actors.