this post was submitted on 12 Feb 2026
348 points (98.3% liked)

Technology

81118 readers
3854 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
348
Microsoft's Notepad Got Pwned (They Added AI To It, So...) (foss-daily.org)
submitted 1 day ago by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
44 comments fedilink hide all child comments
 

Remember when Notepad was just… Notepad? A simple text editor nobody asked to be modernized?

Yeah, Microsoft didn’t care either. They bolted on Markdown support and AI features anyway. And now we’ve got CVE-2026-20841. Remote code execution. Via a text file. This is the kind of thing that makes you go “oh come on, really?”

you are viewing a single comment's thread
view the rest of the comments
[–] chaogomu@lemmy.world 4 points 1 day ago (1 children)

The software itself wasn't compromised. But the download link was. So if you downloaded it in the last year, you downloaded state sponsored malware.

[–] SaltySalamander@fedia.io 3 points 13 hours ago (1 children)

No. The download link was never compromised. What was compromised was the built-in auto-update feature.

[–] Techlos@lemmy.dbzer0.com 2 points 2 hours ago (1 children)

Years of auto update paranoia paid off for me, never trust an executable that doesn't give you a hash to check.

[–] SaltySalamander@fedia.io 2 points 2 hours ago

My philosophy as well