The timeline says the attack started in June of 2025 and continued through Dec 2, 2025. If you installed, updated, or silently updated during that period you may have been targeted / compromised.
You might have version 8.8.1 or lower, however it might have tried to order update got the vulnerable package instead and then remained on the older version. I think even if you have the older version that’s not a sign that you weren’t compromised.
The timeline says the attack started in June of 2025 and continued through Dec 2, 2025. If you installed, updated, or silently updated during that period you may have been targeted / compromised.
What was the latest version before June 2025?
Looks like 8.8.1 was May 2025 https://notepad-plus-plus.org/news/v881-we-are-with-ukraine/
8.8.2 was June 2025 and has a warning to ignore “false positives” of malware in the update… Ouch. https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/
You might have version 8.8.1 or lower, however it might have tried to order update got the vulnerable package instead and then remained on the older version. I think even if you have the older version that’s not a sign that you weren’t compromised.