Notepad++ updates got hijacked for months and could have spied for China by Stevie Bonifield

the hijacking occurred on the app’s unnamed, now-former hosting provider’s end, stating that “Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.” When victims were redirected, their app update could be replaced with a malicious executable that, according to independent cybersecurity expert Kevin Beaumont, may have given the hackers remote access to a victim’s keyboard.

8.8.9 has the fix for this.