Microsoft: Critical Security Issue Found in Windows Notepad

Microsoft patches CVE-2026-20841, a high-severity Windows Notepad flaw that could allow code execution via malicious Markdown ...

Microsoft Just Patched a Major Security Vulnerability for This Popular Windows App

AI-related changes to Notepad allowed attackers to execute arbitrary code on your computer. The vulnerability was related to Markdown support, which was added last year.
The Indian Express

Microsoft fixes Notepad flaw that could allow attackers hijack your Windows PC

Microsoft has rolled out a security update to patch a critical vulnerability in its Notepad app. The development comes just a day after the developer of Notepad++, a popular alternative to Microsoft’s ...
TechRadar

Microsoft patches concerning Windows 11 Notepad security flaw - Markdown issues could have let hackers slip in malware without warning

Microsoft patches Windows 11 Notepad RCE flaw CVE-2026-20841 Vulnerability exploited Markdown links to execute malicious code with user permissions Patch Tuesday update fixes issue; versions 11.2510 ...
cybernews

Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI features

The Windows 11 Notepad app, recently upgraded with AI features, now carries a high-severity flaw that exposes users to dangerous attacks. Hackers can simply send boobytrapped text files and remotely ...
Engadget

Notepad++ says it was hijacked by Chinese state-sponsored hackers

Last year, the creator of Notepad++ rolled out an update for the text and source code editor after security experts reported that bad actors were hijacking its update mechanism to redirect traffic to ...
TechRadar

Notepad++ hit by suspected Chinese state-sponsored hackers - here's what we know so far

Notepad++ targeted in sophisticated supply-chain style attack via compromised hosting server Attackers delivered tainted updates to select victims, exploiting weak update verification controls Breach ...
heise online

Notepad++: Updater takeover by state actors

Following the patching of a previously exploited security vulnerability in the update mechanism by a Notepad++ update in December, investigation results on the incidents are now available. According ...
Infosecurity-magazine.com

Notepad++ Update Hijacking Linked to Hosting Provider Compromise

A months-long supply chain attack that affected the Notepad++ update process has been linked to a compromise of shared hosting infrastructure rather than a flaw in the software's code. This according ...
Dark Reading

Chinese Hackers Hijack Notepad++ Updates for 6 Months

A likely China-sponsored threat actor hijacked Notepad++'s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six ...
The Hacker News

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] ...
PC Magazine

Chinese Hackers Hit Notepad++ to Serve Malicious Update

During the investigation, the unnamed hosting provider for notepad-plus-plus.org confirmed that its logs showed signs of a compromise. On Sept. 2, a server update booted the hackers out. However, they ...