Cybersecurity — Mar 08, 2026

If you think "computer worm" and picture 2000s Windows viruses, this one will update that mental model. On March 5, a self-propagating JavaScript worm tore through parts of Wikipedia, vandalizing roughly 4,000 pages and hijacking at least 85 user accounts before engineers forced the site into read-only mode.

The attack didn't exploit some deep server flaw. It lived in Wikipedia's user script system — a feature that lets power users run custom JavaScript in their browsers. Here's the unsettling part: the malicious script was first uploaded in March 2024. It sat dormant for nearly two years until a Wikimedia staffer with elevated permissions triggered it during a routine security review. Once activated, the worm injected itself into a global script file that loads on every page view, then used Wikipedia's own "random page" feature to spread itself across the site like a digital brushfire.

Wikimedia engineers contained the worm in about 23 minutes and said no personal data was breached. But the deeper lesson is uncomfortable: user-controlled client-side code is effectively a parallel app store with almost no governance. Any platform that gives users or staff the ability to run custom scripts — and that includes a lot of internal enterprise tools — just got a vivid case study in why that power needs explicit review and isolation policies.

The app you've been opening since Windows 95 just had its innocence revoked. When Microsoft added Markdown support to Windows 11's Notepad, it quietly introduced CVE-2026-20841 — a vulnerability that lets attackers execute code simply by getting you to open a crafted .md file and click a link inside it.

The flaw is in how Notepad handles Markdown image links. Under the hood, those links can invoke Windows URI handlers — mini-protocols like shell: or ms-settings: — which can trigger unintended commands. Security researchers at the Zero Day Initiative describe it as low-complexity, high-impact: double-click a text file, get silently compromised.

Microsoft patched this in February, but here's the catch — Notepad updates through the Microsoft Store, which doesn't always auto-update. Multiple proof-of-concept exploits are now circulating on GitHub, which means the window between "patched" and "exploited in the wild" is closing fast. Open the Microsoft Store, check that you're on version 11.2510 or later, and treat random Markdown files from the internet with the same suspicion you'd give an Office document from a stranger.

The broader pattern: the more we cram rich features into simple tools, the more those tools inherit browser-like attack surfaces without browser-grade defenses.

If you've experimented with AI agents — software that can browse the web, manage files, and run commands on your behalf — this one deserves your full attention. OpenClaw, an open-source AI agent framework that rocketed to over 180,000 GitHub stars, has a plugin marketplace called ClawHub. And ClawHub has a malware problem.

1Password's security team discovered that the most-downloaded skill on ClawHub was functional malware. The trick is deceptively simple: skills are just Markdown files describing what the agent should do. One popular "Twitter" skill quietly instructed the agent to visit a malicious URL and run a command that downloaded credential-stealing malware. Given agents can execute commands with access to your filesystem, browser sessions, and potentially your password manager, that's game over.

The scale is staggering. Early scans found 341 malicious skills out of about 2,800. Later scans by Koi Security found over 820 across a larger catalog. VirusTotal documented an entire campaign — dubbed "ClawHavoc" — distributing Atomic Stealer malware through polished, benign-looking plugin pages. OpenClaw has since partnered with VirusTotal to scan new submissions, but here's the fundamental problem: these attacks are written in natural language, not code. Traditional malware scanners aren't built to catch an instruction that says "please download this file and run it."

The important shift: the attack surface isn't just code anymore — it's instructions. If your team is experimenting with agent frameworks, treat third-party skills like untrusted code dependencies. Lock versions, review permissions, and never let experimental marketplace components touch production secrets.

If you've ever comforted yourself with "iPhones don't really get hacked," this week chipped away at that myth. CISA — the U.S. government's cybersecurity agency — added three Apple iOS bugs to its Known Exploited Vulnerabilities catalog, explicitly calling out that they're being abused by a powerful exploit kit nicknamed Coruna.

Coruna is modular and sophisticated: it strings together 23 different exploit permutations across five core vulnerabilities to silently compromise iPhones running iOS 13.0 through 17.2.1 via malicious web content. Visit the wrong page; you could lose control of your phone. iVerify, a device security firm, went further, arguing that Coruna's architecture resembles frameworks historically associated with U.S. government-linked operators — informed speculation, not confirmed fact, but enough to raise eyebrows.

For regular users, the takeaway is concrete: if you're on anything older than the latest iOS, update now. Apple's Lockdown Mode blocks the chain, so high-risk users should consider enabling it. For organizations issuing iPhones, this is a reminder that "old but still working" devices are increasingly soft targets, and mobile patching can't be an afterthought.

Ransomware is often described in terms of "records exposed," but this week we saw the lived version: canceled chemotherapy sessions and surgeons going back to clipboards. The University of Mississippi Medical Center — the state's largest academic hospital — spent more than a week in partial shutdown after a February 19 ransomware attack knocked out its electronic health records, phones, email, and multiple clinics.

Staff switched to paper workflows. Elective surgeries were called off. Clinics across Mississippi closed or operated at bare minimum. After days of rebuilding with federal help, UMMC restored core systems on February 28 and reopened clinics statewide on March 2 with extended hours to work through the backlog.

Beyond the immediate crisis, UMMC is being cited in policy circles as a case study that ransomware is now a patient-safety crisis, not just an IT problem. Expect more pressure on hospitals — and their vendors — to treat cyber resilience like any other life-safety system, alongside fire suppression and backup generators.