Week 6 – When ++ Turns into a Minus

2 – 8 Feb 2026
Earlier this week, a security advisory reported a high-severity vulnerability in Notepad++, rated CVSS 7.7.
But first of all, what is Notepad++?
For those who may not be familiar with it, Notepad++ is a free, open-source text and source code editor for Windows. It serves as a faster, more powerful alternative to the built-in Windows Notepad, widely used by developers, system administrators, and other IT professionals.
CVE-2025-15556 affects the WinGUp updater used by Notepad++, which fails to cryptographically validate the authenticity and integrity of the update files it downloads. In short, the updater does not check that the downloaded content is unmodified and comes from the legitimate source, so it could have been altered by untrusted parties.
Why is this vulnerability dangerous?
Because an attacker who can intercept or redirect update traffic can supply a malicious installer that the updater will download and run. This results in arbitrary code execution with the privileges of the current user, potentially compromising the system. An attacker could also use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory.
You may be wondering how you can protect yourself from this issue.
Make sure you update to at least version 8.8.9 and verify the digital signature of the installer or the authenticity of the downloaded source.
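As an added example (not code from the advisory or from the Notepad++ project), the PowerShell check below does the installer verification the advice above asks for, on Windows, before anything is executed; the publisher name and the SHA-256 value are placeholders and must be taken from the official release page.

```powershell
# Added example: verify an installer's Authenticode signature and SHA-256
# hash before running it. $ExpectedSubject and $ExpectedSha256 are
# placeholders; take the real publisher name and hash from the official site.
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSubject,   # e.g. 'CN=<publisher>'
        [string] $ExpectedSha256                            # optional published hash
    )
    $problems = @()

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Trusted = $false; Problems = @("file not found: $Path") }
    }

    # 1. Integrity: the file must hash to the value published out-of-band.
    #    (-ne is case-insensitive in PowerShell, so hash casing does not matter.)
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) {
            $problems += "SHA-256 mismatch: got $actual"
        }
    }

    # 2. Authenticity: the signature must chain to a trusted root ...
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    # ... and must come from the publisher we expect, not just any valid certificate.
    elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSubject*") {
        $problems += "unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    [pscustomobject]@{ Trusted = ($problems.Count -eq 0); Problems = $problems }
}

# Usage: the installer is launched only when every check passed (fail closed).
$installer = 'C:\Downloads\npp.installer.exe'   # placeholder path
$check = Test-InstallerTrust -Path $installer `
                             -ExpectedSubject 'CN=<publisher from official site>' `
                             -ExpectedSha256 '<hash from official release page>'
if ($check.Trusted) {
    Start-Process -FilePath $installer -Wait
} else {
    $check.Problems | ForEach-Object { Write-Warning $_ }
}
```

With the placeholders left in place the function reports a mismatch and refuses to launch, which is the intended behaviour; only a file matching both the published hash and the expected signer is run.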
We highly recommend reading the developer’s advisories (linked below), together with the technical publications of security vendors (e.g., Rapid7), if you are interested in how it was used in targeted attacks last year.
This was this week’s edition of our CVE of the Week, see you next week!
For more information:
Notepad++ clarification: https://notepad-plus-plus.org/news/clarification-security-incident/
Notepad++ security update: https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Rapid7 blogpost: https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-15556

White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024 and 2025.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.