A small number of organizations, primarily in East Asia, have reported security incidents where Notepad++ processes appear to have been the initial access point for threat actors. This may be related to vulnerabilities in the Notepad++ updater mechanism, potentially allowing for the redirection of downloads to malicious versions, though the issue seems to be mitigated in version 8.8.8 by forcing downloads from GitHub.
Edward Kiledjian
@ekiledjian