this post was submitted on 12 Feb 2026
313 points (98.5% liked)

Technology

81078 readers
4048 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
313
Microsoft's Notepad Got Pwned (They Added AI To It, So...) (foss-daily.org)
submitted 1 day ago by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
38 comments fedilink hide all child comments
 

Remember when Notepad was just… Notepad? A simple text editor nobody asked to be modernized?

Yeah, Microsoft didn’t care either. They bolted on Markdown support and AI features anyway. And now we’ve got CVE-2026-20841. Remote code execution. Via a text file. This is the kind of thing that makes you go “oh come on, really?”

you are viewing a single comment's thread
view the rest of the comments
[–] Pamasich@kbin.earth 12 points 1 day ago (1 children)

The remote code execution isn't "via a text file". It's via a link in a text file, which Notepad now lets you actually click.

Just don't click on links you don't know the destination of (Notepad shows the destination for https links at least, on hover) and you don't have any remote code executing.

[–] themachinestops@lemmy.dbzer0.com 10 points 1 day ago* (last edited 1 day ago)

You a have not seen what people these days fall for. Seen a lot of dumb stuff at work.

https://www.trendmicro.com/en_us/research/25/e/unmasking-fake-captcha-cases.html