| Notepad++ notepad-plus-plus.org
2025-12-27

Though the version number is major, this release itself is not a major update, and it contains regression-fix & enhancements.

The self-signed certificate is no longer used as of this release. Only the legitimate certificate issued by GlobalSign is now used to sign Notepad++ release binaries. We strongly recommend that users who previously installed the self-signed root certificate remove it.

A log of security errors encountered during Notepad++ updates is now generated automatically. In case the auto-update process stops due to a signature or certificate verification failure - users can check the file located at ”%LOCALAPPDATA%\Notepad++\log\securityError.log” to identify the issue and report it to the Notepad++ issue tracker.

The jarring color regression in dark mode regression introduced in v8.8.9 has also been fixed in this release.

In addition to the security enhancements & the regression-fix mentioned above, this release includes various bug-fixes & several additional enhancements. You can view the full list of improvements for version 8.9 and download it here:

I’ve received numerous complaints via email, social media, and forums regarding a website that poses a significant threat to our community. The site in question is https://notepad.plus/ which appears prominently when users google for “download Notepad++”.

In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain.

We believe this evolution will have a real world impact among corporate users getting compromised via malicious ads eventually leading to the deployment of malware and ransomware.

In this blog post, we look at a malvertising campaign that seems to have flown under the radar entirely for at least several months. It is unique in its way to fingerprint users and distribute time sensitive payloads.