ADVERTISEMENT

Notepad++ requires urgent update: hackers swapping configs to run malware

Notepad++, a popular text and source code editor used by 28 million users, has released emergency patches fixing three critical vulnerabilities that can be exploited to run malware. A simple, crafted shortcut file can trigger an attack.

Notepad plus plus affected by the malicious code

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
May 29, 2026 Updated: 1 June 2026 2 min read

Listen to this article

0:00
0:00
Key takeaways:
Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
  • Attackers with initial access can simply edit the links or setting files directly to run payloads with the user’s privileges, and maintain persistence.
  • Hackers can send a malicious .lnk (shortcut) file that points Notepad++ to open configuration files from an attacker-controlled directory. Double-clicking the shortcut would open a compromised Notepad++ instance.
  • Cloud sync poisoning – attackers can compromise one of the accounts and push poisoned settings files down to a user's machine
  • Malicious archives or installers, sneaking in bad configs, often via social engineering.
ADVERTISEMENT

ADVERTISEMENT