Notepad++ version 8.9.2 double-lock update hardening
Security Patch Release
Summary
Notepad++ version 8.9.2 introduces a double-lock update mechanism that reduces supply-chain compromise risk in the auto-update path. The release verifies the signed installer from GitHub and the signed XML from notepad-plus-plus.org, making the updater materially harder to abuse. Users are advised to upgrade to 8.9.2 and keep installers tied to the official domain.
Related Happenings
cPanel and WHM emergency update for critical auth-bypass
Security Patch Release
First: 29.04.2026 18:51
Last: 29.04.2026 18:51
Sources 1
About this happening:
**WebPros International** released an **emergency update** for **cPanel** and **WHM** after a critical **authentication-bypass** flaw could expose supported installations to **una...
Lotus Blossom Notepad++ updater compromise campaign
Campaign
First: 17.02.2026 20:29
Last: 17.02.2026 20:29
Sources 1
How related:
Starting in June 2025, the bad actor compromised the hosting provider that ran the Notepad++ updater and selectively redirected update requests from specific users to malicious servers.
About this happening:
The **Lotus Blossom** operation compromised the **Notepad++ updater** and **selectively redirected update requests** from specific users to malicious servers, creating a supply-ch...
Notepad++ hit by network compromise
Incident
First: 03.02.2026 06:55
Last: 03.02.2026 06:55
Sources 1
About this happening:
The **Notepad++** hosting breach enabled attackers to hijack the software update path and selectively redirect some users to **malicious servers**, creating a **supply-chain** ris...
Latest development: 18.02.2026 09:40
Notepad++ released version 8.9.2 to harden the update mechanism after the hijacked update path was used to deliver targeted malware. The release adds a "double lock" design with verification of the signed installer downloaded from GitHub and verification of the signed XML returned by the update server at notepad-plus-plus[.]org, and it also introduces WinGUp hardening including removal of libcurl.dll, removal of CURLSSLOPT_ALLOW_BEAST and CURLSSLOPT_NO_REVOKE, and restriction of plugin management execution to programs signed with the same certificate as WinGUp.
Microsoft security patch release for CVE-2026-20805
Security Patch Release
First: 14.01.2026 02:47
Last: 14.01.2026 02:47
Sources 1
About this happening:
**Microsoft** released January 2026 security updates for **Windows** and supported software, fixing **at least 113 vulnerabilities** and **8 critical flaws**. The release includes...
Microsoft January 2026 Patch Tuesday 114-flaw security update (multiple vulnerabilities)
Security Patch Release
First: 13.01.2026 20:34
Last: 13.01.2026 20:34
Sources 1
About this happening:
**Microsoft** released its **January 2026 Patch Tuesday** update, fixing **114 flaws** and raising urgency because it includes **one actively exploited** issue and **two publicly...
Timeline
17.02.2026 20:29 · 1 article
Notepad++ updater compromise discovered on December 2, 2025
Detection · IoC · Update
The Notepad++ updater compromise was discovered on December 2, 2025 after a compromised hosting provider selectively redirected update requests to malicious servers and attackers exploited weak update verification controls in older versions of the software.
Sources:
- Notepad++ boosts update security with ‘double-lock’ mechanism — www.bleepingcomputer.com — 17.02.2026 20:29
17.02.2026 20:29 · 2 articles
Notepad++ version 8.9.2 introduces double-lock updater hardening
Mitigation · Patch · Update
Notepad++ version 8.9.2 adds a double-lock update mechanism that verifies the signed installer from GitHub and the signed XML from notepad-plus-plus.org, removes libcurl.dll to reduce DLL side-loading risk, removes CURLSSLOPT_ALLOW_BEAST and CURLSSLOPT_NO_REVOKE, restricts plugin management execution to programs signed with the same certificate as WinGUp, and supports excluding the auto-updater with `msiexec /i npp.8.9.2.Installer.x64.msi NOUPDATER=1`.
Sources:
- Notepad++ boosts update security with ‘double-lock’ mechanism — www.bleepingcomputer.com — 17.02.2026 20:29
- Notepad++ boosts update security with ‘double-lock’ mechanism — www.bleepingcomputer.com — 17.02.2026 20:29
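
For managed deployments that exclude the auto-updater as described above, the following is an added example (not from the original page or the Notepad++ project): a PowerShell pre-install check that requires a valid Authenticode signature from a pinned signer before running the MSI with NOUPDATER=1. The default file path, the placeholder thumbprint and the `/qn /norestart` switches are assumptions.

```powershell
# Added example: verify the installer's signature against a pinned signer,
# then install without the auto-updater (NOUPDATER=1, as named on the page).
param(
    [string]$MsiPath = '.\npp.8.9.2.Installer.x64.msi',
    # PLACEHOLDER: the signer thumbprint your organisation verified out of band.
    # This value is not from the page and must be replaced before use.
    [string]$PinnedThumbprint = '<PINNED-SIGNER-THUMBPRINT>'
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $MsiPath -PathType Leaf)) {
    throw "Installer not found: $MsiPath"
}
$msi = (Resolve-Path -LiteralPath $MsiPath).Path

# Lock 1: the file must carry a signature that chains to a trusted root
# and has not been tampered with since signing.
$sig = Get-AuthenticodeSignature -LiteralPath $msi
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}

# Lock 2: a valid signature from *someone* is not enough; the signer must
# be the one we pinned, so a different validly signed binary is rejected.
$actual   = $sig.SignerCertificate.Thumbprint
$expected = ($PinnedThumbprint -replace '\s', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject) [$actual]"
}

# Record what was installed so later incident response can match it.
$hash = (Get-FileHash -LiteralPath $msi -Algorithm SHA256).Hash
Write-Host "Signer OK: $($sig.SignerCertificate.Subject)"
Write-Host "SHA256:    $hash"

# /qn and /norestart are standard msiexec switches added here for unattended use.
$msiArgs = @('/i', "`"$msi`"", 'NOUPDATER=1', '/qn', '/norestart')
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with reboot required.
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec failed with exit code $($proc.ExitCode)"
}
Write-Host "Installed without auto-updater (exit code $($proc.ExitCode))."
```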