Microsoft has patched a high-severity vulnerability in Windows 11's Notepad that allowed attackers to silently execute local or remote programs when a user clicked a specially crafted Markdown link, all without triggering any Windows security warning.

The flaw, tracked as CVE-2026-20841 and fixed in the February 2026 Patch Tuesday update, stemmed from Notepad's relatively new Markdown support -- a feature Microsoft added after discontinuing WordPad and rewriting Notepad to serve as both a plain text and rich text editor. An attacker only needed to create a Markdown file containing file:// links pointing to executables or special URIs like ms-appinstaller://, and a Ctrl+click in Markdown mode would launch them. Microsoft's fix now displays a warning dialog for any link that doesn't use http:// or https://, though the company did not explain why it chose a prompt over blocking non-standard links entirely. Notepad updates automatically through the Microsoft Store.

AI startup Anthropic says it will ensure consumer electricity costs remain steady as it expands its data center footprint. From a report: Anthropic said it would work with utility companies to "estimate and cover" consumer electricity price increases in places where it is not able to sufficiently generate new power and pay for 100% of the infrastructure upgrades required to connect its data centers to the electrical grid.

In a statement to NBC News, Anthropic CEO Dario Amodei said: "building AI responsibly can't stop at the technology -- it has to extend to the infrastructure behind it. We've been clear that the U.S. needs to build AI infrastructure at scale to stay competitive, but the costs of powering our models should fall on Anthropic, not everyday Americans. We look forward to working with communities, local governments, and the Administration to get this right."

Meta Platforms' latest annual report contained an unusual, cautionary note for investors. From a report: The tech giant's auditor, Ernst & Young, raised a red flag over the financial engineering Meta used to keep a $27 billion data-center project off its balance sheet. While EY ultimately blessed Meta's accounting treatment, the firm flagged it as a "critical audit matter." This means it was one of the hardest, riskiest judgments the auditor had to make.

Such a warning label is rare for a specific, high-profile transaction at a major audit client. Meta moved the data-center project, called Hyperion, off its books in October into a new joint venture with Blue Owl Capital. Meta owns 20% of the venture; funds managed by Blue Owl own the other 80%. A holding company called Beignet Investor, which owns the Blue Owl portion, sold a then-record $27.3 billion of bonds to investors. The joint venture is known in accounting parlance as a variable interest entity, or VIE. Meta said it isn't the "primary beneficiary" of this entity and so didn't have to put the venture's assets and liabilities on its own balance sheet.

Meta's assertion that it lacks power over the venture is debatable and has drawn scrutiny from investors and lawmakers. Meta is a hyperscaler and knows how to run data centers for artificial intelligence, while Blue Owl is a financier. Whether the venture succeeds economically will come down to Meta's decisions and know-how. In its report, EY said auditing Meta's decision "was especially challenging due to the significant judgment required in determining the activities that most significantly affect the VIE's economic performance."