BTW:

5.1-if your home internet speed is fast enough, setup your own web server to your pc under virtualbox(in case of web server software cve’s/rce’s). I or anyone can help with that. Dont forget to hardening server for security.

IMO, this is BAD advice. To suggest to a non-security specialist who runs this as a hobby, that he should self-host, and try to keep up on all the security hardening, is asking him to get hacked even worse than the hack that already happened. He was literally paying a host to provide such services, and the professionals failed; he has now changed providers to a host who has better security procedures.

Believe me it’s not that hard to setup a webserver or harden it, especially while backed by a strong community. The risks are different when hosting at home between hosting remotely. The hosting firm may be offered money to hijack, or an out-of-date hosting management software had rce was waiting to be abused.

@PeterJones
on the screenshot above Reduce option is already pressed though.
Max tab label length truncates text, which is not the behavior i want to restore - i want the tabs with short names to not have this big gap at the end.

That said, it seems that the “enable pin tab feature” was the culprit, as disabling it seems to have restored the desired tab size behavior.

There still is some extra spacing before the close button though:

2bb5dad1-4a85-4bd0-8df8-768e93562693-image.png
629bde33-102c-4a09-a960-60ded9dcd809-image.png

Addendum to the points 2. & 3. above - even if you’re not to Reverse Engineering much, just follow the link and skip it to the ending “Indicators of compromise” part, where are some common markers that could help you decide whether or not your comp has been compromised:

https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

@Nppenjoyr ,

See this post

@Tavi ,

As far as I can tell, they were unrelated. Scanners such as VirusTotal look at the executable itself, and last year were being triggered by the lack of signing and the self-signing of the executable.

please confirm if this issue is related to the notepad++ hijack news dated 2nd Feb 2026?

The issue you are referring to, as linked here and described in detail here specifically said,

the compromise occured at the hosting provider level rather than through vulnerabilities in Notepad++ code itself.

This was a website hack, and VirusTotal and other such AV scans do not detect website hacks, as far as I understand them.