Overview
- Microsoft
- Windows Notepad
Description
Statistics
- 30 Posts
- 104 Interactions
Fediverse
Notepad.exe RCE Vulnerability 8.8
Are you shitting me?
Every day brings another reason to laugh at Microslop.
A vulnerability has been discovered that lets attackers run arbitrary code on the victim's computer through NOTEPAD, for fuck's sake. The severity of the vulnerability is marked as HIGH
🔥 Notepad hit by critical vulnerability
Notepad in Windows 11 exposes millions of PCs to a remote attack: the vulnerability CVE-2026-20841 exploits Markdown support to execute malicious code with a simple click on a link
https://gomoot.com/notepad-di-windows-11-colpito-da-vulnerabilita-critica/
1976:
In fifty years we will have flying cars.
2026:
Serious security vulnerability in ... Notepad.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Notepad++: some of my versions were vulnerable
MS Notepad: hold my beer
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Windows Notepad.exe CVE announced today, looks like code can be made to run on your machine if you click a dodgy markdown link. People describing it online as remote code execution, which I don't think it is. Still pretty bad though! #cve #Microsoft #Windows11
https://www.cve.org/CVERecord?id=CVE-2026-20841
If there was ever a better time to leave #Windows than after #Microsoft started pushing AI and non-plaintext rendering into #Notepad causing #cve202620841 for #RCE then I'm not sure when a better time could be.
clown world
https://www.cve.org/CVERecord?id=CVE-2026-20841
So yes, Microsoft did manage to enshittify notepad too: https://www.cve.org/CVERecord?id=CVE-2026-20841
A more-than-mature 30+-year-old dumb utility to display text got rewritten to do "shtuff" and got pwned with an 8.8 CVSS.
Management, corporations and their demented KPIs should stay away from software.
Be sure to keep up with your text editor’s security updates, fellow Notepad users! I heard that vi fans are exploiting this in the wild to install ransomware on people’s computers. The ransomware won’t let you exit vi until you pay up https://www.cve.org/CVERecord?id=CVE-2026-20841
Critical flaw in Notepad (CVE-2026-20841). An attacker could place a malicious link in a Markdown file that, when clicked by the victim, would execute code remotely. Who told them to taint Notepad's simplicity? A fix is already available. https://www.cve.org/CVERecord?id=CVE-2026-20841&utm_medium=social&utm_source=manualdousuario
The Vibe-coding Era at Microsoft is going greaaaaaaaat.... https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
Remote Code Execution on notepad
FUCKING NOTEPAD
Microsoft, keep your claws out of the working code! Notepad does NOT need upgrades to be anything else than an entirely plain text editor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841
@odo
From https://www.cve.org/CVERecord?id=CVE-2026-20841
> Improper neutralization of special elements used in a command ('command injection') […]
So maybe notepad just runs something like
```cmd
start "" $link_src
```
And when you write something like
```md
[trust me bro](mailto:foo@bar.baz & echo u pwnd)
```
in your md ...
It maybe translates to something like
```cmd
start "" mailto:foo@bar.baz & echo u pwnd
```
I don't know what the actual vuln is. But sounds like something like the above. Hopefully not that simple. 🤞
Imagine being jailed to an operating system where even the blast editor is vulnerable
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
https://www.cve.org/CVERecord?id=CVE-2026-20841
Keep contributing and funding alternatives for all of us.
Looks like the vibe coders at Microsoft forgot to add "don't introduce command injection vulnerabilities" to their prompts?
https://winbuzzer.com/2026/02/11/microsoft-patches-notepad-rce-vulnerability-cve-2026-20841-xcxwbn/
Microsoft Patches High-Severity Notepad Remote Code Execution Flaw
#Cybersecurity #MicrosoftNotepad #Microsoft #Windows #MicrosoftWindows #Windows11 #PatchTuesday #SecurityPatches #WindowsVulnerability #Vulnerability
Overview
Description
Statistics
- 8 Posts
- 96 Interactions
Fediverse
I'm just reading this GNU telnetd CVE from last month. I did not realize that telnet was still a thing, but it turns out anybody could provide a username of "-f root" and, boom, they had root. The vulnerability existed for 11 years. *Wow*. https://www.cve.org/CVERecord?id=CVE-2026-24061
USER='-f root' telnet -a ur.momma
root@ur.momma:~# got em!
https://www.cve.org/CVERecord?id=CVE-2026-24061
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
2026-01-14: The day telnet died
On January 14, 2026, global #telnet traffic observed by GreyNoise's sensors collapsed. A sustained 59% reduction, eighteen ASNs completely silent and five countries completely vanished from our data. Six days later, CVE-2026-24061 disappeared. Coincidence is one of the possible explanations.
https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/
Overview
Description
Statistics
- 5 Posts
- 13 Interactions
Fediverse
🚨 CRITICAL: CVE-2026-20700 impacts Apple macOS, iOS, iPadOS & more before v26.3. Memory corruption enables arbitrary code execution — exploited in sophisticated, targeted attacks. Urgently update all devices! https://radar.offseq.com/threat/cve-2026-20700-an-attacker-with-memory-write-capab-30065920 #OffSeq #AppleSecurity #CVE202620700 #ThreatIntel
Overview
Description
Statistics
- 3 Posts
- 2 Interactions
Fediverse
https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3
CVE-2026-25646: Legacy Libpng Flaw Poses RCE Risk https://www.esecurityplanet.com/threats/cve-2026-25646-legacy-libpng-flaw-poses-rce-risk/
Overview
Description
Statistics
- 3 Posts
- 14 Interactions
Fediverse
Stairwell: "over 80% of monitored environments contain vulnerable versions of WinRAR affected by CVE-2025-8088"
🙃🙃🙃🙃🙃 :blobpeek:
#CheckPoint Research observed #Amaranth-Dragon, a Chinese-aligned group linked to #APT41, conducting espionage against government and law enforcement across Southeast Asia. The threat actor weaponized #WinRAR flaw CVE-2025-8088 within 10 days after its disclosure, geo-fenced servers to targets, and introduced #TGAmaranth, a Telegram-based remote access tool.
Overview
Description
Statistics
- 4 Posts
Fediverse
A critical zero-day vulnerability in Microsoft Word, identified as CVE-2026-21514, has been disclosed. The flaw is being actively exploited in the wild.
https://cybersecuritynews.com/microsoft-office-word-0-day-vulnerability/
CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security https://www.esecurityplanet.com/threats/cve-2026-21514-actively-exploited-word-flaw-evades-ole-security/
Overview
- checkpoint
- Harmony SASE
Description
Statistics
- 2 Posts
Fediverse
https://blog.amberwolf.com/blog/2026/january/advisory---check-point-harmony-local-privilege-escalation-cve-2025-9142/
/via @badsectorlabs
Overview
- nyariv
- SandboxJS
Description
Statistics
- 2 Posts
Overview
Description
Statistics
- 2 Posts
- 6 Interactions
Fediverse
Microsoft has disclosed a zero-day vulnerability (CVE-2026-21513) in the MSHTML Framework that allows attackers to bypass security features and gain high-level access to affected systems. This critical vulnerability, with a CVSS score of 8.8, has a network-based attack vector and is already being exploited in the wild, necessitating immediate patching.
https://gbhackers.com/mshtml-framework-zero-day/
Overview
Description
Statistics
- 1 Post
- 7 Interactions
Fediverse
🐞 Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security // Het Mehta
「 CVE-2026-25049, a critical vulnerability with a CVSS score of 9.4 that let attackers execute arbitrary system commands on n8n servers. What makes this particularly interesting (and painful for n8n’s security team) is that this vulnerability bypassed a security fix they had just deployed two months earlier 」