Notepad Got an RCE Vulnerability

by Nora Kaplan — February 11, 2026

Microsoft patched a critical remote code execution flaw in Windows Notepad on Patch Tuesday—yes, Notepad, the app you open specifically because it's too simple to be dangerous. CVE-2026-20841 (CVSS 8.8) lets attackers trick you into opening a malicious Markdown file, clicking a link, and watching Notepad fetch and execute remote code through unverified protocols. Affected versions: Notepad 11.x before 11.2510. The vulnerability exists because Notepad grew up: it renders Markdown now, handles protocols, fetches remote files. Each feature expanded attack surface until the OS's "safe" text editor disappeared. When Notepad requires security vigilance, trust boundaries have collapsed.

Notepad Got an RCE Vulnerability

by Nora Kaplan — February 11, 2026

Microsoft patched a critical remote code execution flaw in Windows Notepad on Patch Tuesday—yes, Notepad, the app you open specifically because it's too simple to be dangerous. CVE-2026-20841 (CVSS 8.8) lets attackers trick you into opening a malicious Markdown file, clicking a link, and watching Notepad fetch and execute remote code through unverified protocols. Affected versions: Notepad 11.x before 11.2510. The vulnerability exists because Notepad grew up: it renders Markdown now, handles protocols, fetches remote files. Each feature expanded attack surface until the OS's "safe" text editor disappeared. When Notepad requires security vigilance, trust boundaries have collapsed.

The AI Money Machine

Yesterday alone brought a macOS desktop app launch from OpenAI, a $20 billion bond deal from Alphabet, and battery manufacturers pivoting entire production lines away from EVs toward data center power storage.

The infrastructure buildout is happening at balance-sheet scale: long-dated financing, supply chain reconfigurations, and startup funding rounds that would've been Series C numbers a few years ago showing up at seed stage.
Meanwhile, markets are still processing what happens when AI features start looking less like paid add-ons and more like platform capabilities that come built-in.

AI moved from "interesting technology" to "rewrite the cap table and retool the factories." Here's where the money's flowing.

TODAY'S BIG MOMENT

The AI Money Machine

Yesterday alone brought a macOS desktop app launch from OpenAI, a $20 billion bond deal from Alphabet, and battery manufacturers pivoting entire production lines away from EVs toward data center power storage.

The infrastructure buildout is happening at balance-sheet scale: long-dated financing, supply chain reconfigurations, and startup funding rounds that would've been Series C numbers a few years ago showing up at seed stage.
Meanwhile, markets are still processing what happens when AI features start looking less like paid add-ons and more like platform capabilities that come built-in.

AI moved from "interesting technology" to "rewrite the cap table and retool the factories." Here's where the money's flowing.

OpenAI Codex Desktop Hits macOS

OpenAI shipped a Codex desktop app for macOS yesterday, moving AI-assisted coding out of the browser. CEO Sam Altman told employees ChatGPT is back above 10% monthly growth with 800 million weekly users. Codex itself grew 50% in one week. New model drops this week.

Alphabet Raises $20 Billion for AI Infrastructure

Alphabet pulled in $20 billion through a bond deal yesterday to fund data centers, custom silicon, and compute infrastructure. When the biggest players borrow at this scale, it signals demand forecasts strong enough to justify multi-year commitments. The AI buildout is officially a balance-sheet story.

Claude's Market Disruption Continues

Anthropic's Claude plugins wiped $285 billion off SaaS valuations last week. Fortune reports Anthropic "isn't done spooking SaaS investors." The debate centers on whether AI features are cannibalizing traditional software bundles, especially where value ties to per-seat licensing rather than usage or outcomes.

AI Startup Funding Wave Hits Yesterday

Yesterday's rounds: Vega ($120M Series B, AI-native security analytics), Bretton AI ($75M Series B, financial crime automation), Naboo ($70M Series B, AI-powered corporate events), Neara ($64M Series D, infrastructure digital twins), Entire ($60M seed for AI-agent code management at $300M valuation).

Battery Makers Pivot to Data Centers

Battery manufacturers are shifting capacity from EV production toward energy storage, responding to grid stress from data center growth. AI data centers need power with fewer interruptions. Storage smooths demand spikes and stabilizes onsite operations. This is a supply-chain story with startup implications.

Karpathy Says "Vibe Coding" Is Over

Andrej Karpathy declared "vibe coding is passé" and introduced new terminology for software's future. The conversation's happening across developer communities as AI coding culture evolves faster than the frameworks to describe it. When prominent AI figures start renaming categories, the ground is shifting.

Platforms & Security Watch

Security Update

Microsoft Patches Five Actively Exploited Zero-Days

Microsoft's Patch Tuesday yesterday addressed 59 vulnerabilities, including five "Important" zero-days being actively exploited in the wild. One "Moderate" vulnerability (CVE-2026-21525) is also under active exploitation. Two critical vulnerabilities affect Microsoft ACI Confidential Containers. Monthly security reality check: patch now, the exploits are already out there.

Privacy Debate

Discord's Age Verification Sparks Privacy Fight

Discord announced Monday it's requiring video selfies or government IDs for age verification, rolling out early March. Users default to "teen-appropriate" experiences. Government IDs get verified off-device, raising data security questions. Users are pushing back on providing personal information, reflecting broader tension between user safety and privacy rights.

Product Launches

Apple's Product Pipeline Heats Up

Apple's reportedly unveiling the iPhone 17e next week, with MacBook Pro models featuring M5 Pro and M5 Max chips following in early March. Still waiting on: a lower-cost MacBook with iPhone chip, Apple TV updates, and HomePod mini refresh. Apple launches always generate buzz, and the pipeline's stacked.

Developer Culture

Karpathy Renames Software's Future

Andrej Karpathy says "vibe coding is passé" and has new language for where software development's heading. The conversation's unfolding across developer circles as AI coding practices evolve faster than the terminology to describe them. When prominent AI figures start redefining categories, it signals the ground's shifting.

Platforms & Security Watch

Security Update

Microsoft Patches Five Actively Exploited Zero-Days

Microsoft's Patch Tuesday yesterday addressed 59 vulnerabilities, including five "Important" zero-days being actively exploited in the wild. One "Moderate" vulnerability (CVE-2026-21525) is also under active exploitation. Two critical vulnerabilities affect Microsoft ACI Confidential Containers. Monthly security reality check: patch now, the exploits are already out there.

Privacy Debate

Discord's Age Verification Sparks Privacy Fight

Discord announced Monday it's requiring video selfies or government IDs for age verification, rolling out early March. Users default to "teen-appropriate" experiences. Government IDs get verified off-device, raising data security questions. Users are pushing back on providing personal information, reflecting broader tension between user safety and privacy rights.

Product Launches

Apple's Product Pipeline Heats Up

Apple's reportedly unveiling the iPhone 17e next week, with MacBook Pro models featuring M5 Pro and M5 Max chips following in early March. Still waiting on: a lower-cost MacBook with iPhone chip, Apple TV updates, and HomePod mini refresh. Apple launches always generate buzz, and the pipeline's stacked.

Developer Culture

Karpathy Renames Software's Future

Andrej Karpathy says "vibe coding is passé" and has new language for where software development's heading. The conversation's unfolding across developer circles as AI coding practices evolve faster than the terminology to describe them. When prominent AI figures start redefining categories, it signals the ground's shifting.

Favorite Featured Stories

When Payment Protocols Multiply, Watch Where Value Consolidates

Five different payment protocols for AI agents launched between September and December 2025. Google, Visa, Mastercar...

When Execution Speed Stops Being the Constraint

The engineer's fingers hover over the keyboard. Muscle memory fires—the syntax patterns, the familiar keystrokes, y...

The Infrastructure That Licensing Made Invisible

Teams writing browser automation tests today assume certain infrastructure just works. Write a script monitoring ai...

What You're Measuring and How You're Measuring It

Your agent passes testing, fails in production. Another completes tasks while taking paths you can't see are fragil...

Favorite Featured Stories

When Payment Protocols Multiply, Watch Where Value Consolidates

Five different payment protocols for AI agents launched between September and December 2025. Google, Visa, Mastercar...

When Execution Speed Stops Being the Constraint

The engineer's fingers hover over the keyboard. Muscle memory fires—the syntax patterns, the familiar keystrokes, y...

The Infrastructure That Licensing Made Invisible

Teams writing browser automation tests today assume certain infrastructure just works. Write a script monitoring ai...

What You're Measuring and How You're Measuring It

Your agent passes testing, fails in production. Another completes tasks while taking paths you can't see are fragil...

CURRENT

Saturday, February 14

Saturday, February 14

Notepad Got an RCE Vulnerability

Notepad Got an RCE Vulnerability