Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Notepad++ Secures Update Process Against Malware Threat

Notepad++ Secures Update Process Against Malware Threat

Posted on February 18, 2026 By CWS

Notepad++ has fortified its software update mechanism with a newly released security update, addressing vulnerabilities exploited by a Chinese cyber threat group. The latest version, 8.9.2, introduces a ‘double lock’ strategy to ensure a more rigorous and secure update process.

Enhanced Update Security

The update process for Notepad++ has been significantly improved by verifying both the installer downloaded from GitHub and the signed XML from the update server at notepad-plus-plus[.]org. This measure, detailed by maintainer Don Ho, aims to prevent exploitation by unauthorized entities.

Additionally, significant changes have been made to WinGUp, Notepad++’s auto-updater, to eliminate potential security risks. These changes include removing the libcurl.dll to mitigate DLL side-loading threats and disabling two unsecured cURL SSL options, namely CURLSSLOPT_ALLOW_BEAST and CURLSSLOPT_NO_REVOKE. Moreover, plugin management execution is now restricted to programs signed with the same certificate as WinGUp.

Addressing Critical Vulnerabilities

The update also resolves a high-severity vulnerability, identified as CVE-2026-25926, which scored 7.3 on the CVSS scale. This vulnerability could potentially allow arbitrary code execution through an unsafe search path when Windows Explorer launches without a defined executable path.

Ho explained that this flaw could be exploited if an attacker manages to control the process’s working directory, potentially leading to malicious execution within the running application.

Response to Previous Attacks

This development follows a recent disclosure by Notepad++ regarding a breach at the hosting provider level, which allowed attackers to hijack update traffic starting June 2025. By December 2025, it was discovered that certain user requests were redirected to malicious servers, resulting in the deployment of a compromised update.

Security firms Rapid7 and Kaspersky identified the tampered updates as a vector for delivering the Chrysalis backdoor, a novel threat attributed to the China-based hacking group Lotus Panda. This supply chain attack was registered under CVE-2025-15556, with a CVSS score of 7.7.

Notepad++ users are urged to upgrade to version 8.9.2 immediately and ensure that installations are sourced from the official website to safeguard against these threats.

The Hacker News Tags:application security, China hacking group, Chrysalis backdoor, CVE-2026-25926, Cybersecurity, DLL Sideloading, Hacking, Lotus Panda, Malware, Notepad, security update, software update, software vulnerability, supply chain attack, WinGUp

Post navigation

Previous Post: CISA Alerts on Active Exploitation of Google Chromium Vulnerability
Next Post: Critical Flaw in Popular VS Code Extension Exposes Developers

Related Posts

AI Agents Outpacing Governance: A Growing Challenge AI Agents Outpacing Governance: A Growing Challenge The Hacker News
SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers The Hacker News
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw The Hacker News
New Android Malware Uses AI for Persistent Threats New Android Malware Uses AI for Persistent Threats The Hacker News
Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files The Hacker News
Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Government Pays $1M to Prevent Data Leak by Kairos Group
  • North Korean Hackers Launch PolinRider Campaign
  • Critical ‘Bad Epoll’ Flaw Risks Linux and Android Security
  • PamStealer Targets macOS Users via Fake Clipboard Manager
  • New FatFs Vulnerabilities Threaten Embedded Devices

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Government Pays $1M to Prevent Data Leak by Kairos Group
  • North Korean Hackers Launch PolinRider Campaign
  • Critical ‘Bad Epoll’ Flaw Risks Linux and Android Security
  • PamStealer Targets macOS Users via Fake Clipboard Manager
  • New FatFs Vulnerabilities Threaten Embedded Devices

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark