@TrimTab modern Linux repositories use digital signatures (like OpenPGP), so they are indeed safer to use.
I use both Debian and Fedora, and I can testimony the superior quality of the updates offered, in terms of timing and reliability. Indeed, trying new software is much easier this way!

@vrtxd "[...] the attack involved infrastructure-level compromise [...] at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. [...] Multiple independaent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group".

So, the incident says nothing about the developer's reliability!

@rocky1138 it depends on if the user can and wants to change OS. A single security issue on a replaceable application isn't a sufficient incentive.

@TrimTab most Windows developers use this editor in place of the standard Notepad. It has a very large userbase and frequent updates, so I wouldn't describe it as irrelevant.

@OtterSide hi, unfortunately, Windows users can also use 3rd party software updaters and download sites, in which case they might've been affected too. In doubt, if you've downloaded or updated Notepad++ in 2025, you should upgrade ASAP.

Notepad++'s update servers have been compromised by Chinese hackers and all users had been exposed to malware. The developer estimated the overall compromise period spanned from June through December 2, 2025.
Users should update to version 8.9.1 (or superior) immediately.

Source: https://notepad-plus-plus.org/news/hijacked-incident-info-update/

#security #vulnerability #windows #text #editor #notepad #foss #freesoftware #software