
Notepad++ Targeted in Software Supply Chain Attack

What happened?

On February 2nd, 2026, Notepad++, a common text editor, shared an update to its initial December 2025 announcement that it was the target of a software supply chain attack. According to the announcement, starting in June 2025, bad actors intercepted requests for updates and redirected them to malicious infrastructure. These bad actors were then able to deliver malware through a software update channel that users trusted.

What does this mean for me?

If you or your colleagues use Notepad++, Notepad++ recommends downloading v8.9.1, which includes the necessary security enhancements. It also recommends using the installer to update Notepad++ manually.

If your firm actively uses Notepad++, you should review endpoint and network logs for any suspicious outbound activity or connections that may be related to Notepad++.
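One way to start that log review, shown as an added example that is not from Notepad++ or the original article: the script below reads a process-level network connection export and lists connections made by Notepad++ or its updater since June 2025 to destinations outside an expected-host list. The CSV layout, the process image names, the expected hosts and all sample rows are assumptions constructed for illustration; adapt them to your own EDR or proxy export.

```python
import csv
import io
from datetime import datetime, timezone

# Assumption: image names of the editor and its bundled updater.
NPP_IMAGES = {"notepad++.exe", "gup.exe"}
# Assumption: hosts your firm expects Notepad++ update traffic to reach.
EXPECTED_HOSTS = {"notepad-plus-plus.org", "github.com"}
# The announcement dates the redirection from June 2025.
WINDOW_START = datetime(2025, 6, 1, tzinfo=timezone.utc)

# Constructed sample export (process-level network connections); not real data.
SAMPLE_LOG = r"""timestamp,endpoint,image,dest_host,dest_ip
2025-05-20T09:12:03Z,WS-014,C:\Program Files\Notepad++\updater\GUP.exe,notepad-plus-plus.org,203.0.113.10
2025-07-08T14:41:55Z,WS-014,C:\Program Files\Notepad++\updater\GUP.exe,notepad-plus-plus.org,203.0.113.10
2025-07-08T14:41:57Z,WS-014,C:\Program Files\Notepad++\updater\GUP.exe,downloads.example.net,198.51.100.23
2025-09-02T08:03:11Z,WS-031,C:\Program Files\Notepad++\notepad++.exe,,192.0.2.77
2025-09-02T08:05:40Z,WS-031,C:\Windows\System32\svchost.exe,downloads.example.net,198.51.100.23
2025-10-15T11:20:09Z,WS-007,C:\Program Files\Notepad++\updater\GUP.exe,notepad-plus-plus.org.example.net,198.51.100.40
2025-10-15T11:21:30Z,WS-007,C:\Program Files\Notepad++\updater\GUP.exe,github.com,203.0.113.44
"""

def host_expected(dest_host):
    """True only for an expected host or a true subdomain of one."""
    h = dest_host.lower().rstrip(".")
    return any(h == e or h.endswith("." + e) for e in EXPECTED_HOSTS)

def review(log_text):
    """Return Notepad++-related connections in the window that need a human look."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        image = row["image"].rsplit("\\", 1)[-1].lower()
        if image not in NPP_IMAGES:
            continue
        when = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        if when < WINDOW_START:
            continue
        if not row["dest_host"]:
            reason = "no hostname logged; check the IP"
        elif not host_expected(row["dest_host"]):
            reason = "destination not on expected-host list"
        else:
            continue
        findings.append((row["endpoint"], row["timestamp"], row["dest_host"] or row["dest_ip"], reason))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A row in the output is a lead for follow-up on that endpoint, not proof of compromise, and a connection to an expected hostname does not by itself rule out redirection.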

There are also general best practices advisers should consider to help prevent these kinds of cyberattacks from infiltrating your firm:

  • Maintain an approved software list to ensure employees are only utilizing approved software that has been vetted and monitored.
  • Block employees from downloading software on their own, as this can help protect against malware.
  • Deploy antivirus software and keep it up to date on employees’ devices.
  • Ensure that less-commonly used devices are also reviewed on a regular basis.

If you have any questions, or if you need help updating your cyber program to meet SEC requirements and industry practices, contact us to speak with a regulatory expert.