Notepad++ users are facing security issues, with a few organizations reporting incidents linked to the application. Some users have experienced unauthorized access, suggesting that Notepad++ processes might be related to these breaches. The article emphasizes that the developer of Notepad++ is not at fault; rather, the focus is on raising awareness about potential vulnerabilities. So far, only a small number of organizations have been affected, and the situation is still developing. In mid-November, Notepad++ updated its Updater to prevent hijacking, but this update did not receive a CVE. The change aimed to ensure secure downloads, yet earlier versions transmitted data over HTTP, making them vulnerable. While the recent downloads are signed, past versions had issues with self-signed certificates. Attackers could potentially intercept and redirect download requests, posing a risk to users. Victims of these incidents have primarily been organizations with interests in East Asia, where targeted reconnaissance activities were reported. Indicators of compromise include abnormal network requests from the updater process and the presence of suspicious executables in user folders. The article also warns of the proliferation of fake Notepad++ versions and highlights the risks posed by third-party plugins that can increase the attack surface.