Cyber Brief: Claude 0-Click RCE, Notepad Markdown Attacks, and the Rise of AI-Generated Malware
5 min. read 
Updated on
The cybersecurity landscape has shifted toward the exploitation of trusted agents and essential productivity tools. The most critical development this week is a zero-click Remote Code Execution (RCE) vulnerability in Anthropic’s Claude Desktop Extensions, which allows attackers to compromise systems using benign calendar events. Simultaneously, Microsoft has patched a high-severity flaw in Windows Notepad that weaponizes Markdown files to execute malicious code.
These incidents highlight a growing trend where “helper” applications and autonomous agents are becoming the primary attack vector. Attackers are no longer just breaking in; they are asking your tools to open the door for them.
Zero-Click RCE in Claude Desktop
A critical vulnerability (CVSS 10.0) has been discovered in Claude Desktop Extensions (DXT). This flaw allows an attacker to take full control of a system without the user clicking a malicious link or downloading a file. The attack vector is purely semantic.
The vulnerability exists because MCP-based systems (Model Context Protocol) often chain tools together without sufficient sandboxing. An attacker can plant a malicious instruction in a Google Calendar event. When the user asks Claude a standard prompt like “Check my calendar and take care of it,” the AI interprets the “take care of it” command as authorization to execute the code found in the calendar event.
Why this matters:
- No User Interaction: The user does not need to approve the specific malicious action.
- System Privileges: Unlike browser extensions, Claude DXT runs with full system privileges.
- Scale: This impacts over 10,000 active users and 50 different extensions.
Windows Notepad Command Injection
Microsoft’s February Patch Tuesday update addressed a severe vulnerability in Notepad (CVE-2026-20841, CVSS 8.8). This flaw allows attackers to execute remote code simply by tricking a user into clicking a link within a Markdown file.
Notepad recently added support for Markdown rendering. Attackers found that by embedding specific URIs—such as file:// pointing to a local executable or ms-appinstaller:// pointing to a malicious package—they could bypass security warnings. When a user clicks the link in Notepad, the payload executes with the user’s current permissions.
New Malware Strains: A Comparison
Three new information stealers and loaders have surfaced this week, each targeting different operating systems and using distinct delivery methods. The following table breaks down their capabilities.
| Malware Family | Target OS | Delivery Method | Key Capability |
| LTX Stealer | Windows | Inno Setup Installer | Uses Node.js; relies on Supabase for C2 auth and Cloudflare to hide backend. |
| Marco Stealer | Windows | ZIP Archives | Decrypts strings only at runtime to evade static analysis; targets cloud storage apps. |
| VoidLink | Linux/Windows | AI-Generated Code | A C2 framework likely written by an LLM; fingerprints cloud environments (AWS, Azure). |
Global Infrastructure and Policy Shifts
The Great Telnet Drop In a rare anomaly, global Telnet traffic collapsed by 59% in mid-January 2026. This drop coincided with the disclosure of a critical vulnerability (CVE-2026-24061) in the GNU InetUtils telnet daemon. Intelligence firm GreyNoise suggests that major internet backbone providers or telecom operators likely implemented filters on port 23 to preemptively block exploitation of this flaw.
Discord Enforces Global Age Verification Discord is rolling out a mandatory age verification system globally starting in March 2026. Users must verify their age via video selfie or government ID to access mature content. This move uses a “privacy-preserving” model where data is processed on the device, but it has sparked concerns following previous breaches of third-party verification providers.
Rapid Fire Security Updates
- Pwn2Own Automotive: Researchers uncovered 76 zero-day vulnerabilities in Tesla infotainment systems and EV chargers.
- Coinbase Cartel: A new ransomware group has claimed 60 victims. They focus solely on data theft and extortion, skipping the encryption phase entirely.
- Pig Butchering Sentencing: Daren Li was sentenced to 20 years in prison for laundering $73.6 million through crypto investment scams.
- Fake 7-Zip Installers: A malicious site
7zip[.]comis distributing a fake installer that turns the victim’s PC into a residential proxy node for hackers. - Quest Desktop Authority: A flaw (CVE-2025-67813) allows any authenticated network user to gain SYSTEM privileges via a named pipe vulnerability.
Frequently Asked Questions
You must apply the Microsoft Windows updates released in the February 2026 Patch Tuesday cycle immediately. Be cautious when opening Markdown (.md) files from untrusted sources until the patch is applied.
If you use extensions that connect to external data (like Calendar or Email), you are at risk. It is recommended to disable Claude Desktop Extensions (DXT) until Anthropic releases a patch that sandboxes these tools or requires explicit approval for chained actions.
A zero-click exploit is a cyberattack that requires no interaction from the victim. The user does not need to click a link, download a file, or type a password. The attack happens automatically in the background, usually by exploiting how an application processes data.
VoidLink is difficult to detect because it adapts to the host kernel. However, network monitoring for unusual outbound traffic to unknown IP addresses or unexpected API calls to cloud metadata services (like AWS Instance Metadata) can indicate an infection.
Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more
Improve this guide
User forum
0 messages