There is a vulnerability in the Plasma desktop that KDE developers are currently working to patch. The details are here.
For the moment avoid downloading .desktop or .directory files and extracting archives from untrusted sources.
Also, if you discover a similar vulnerability, it is best to send an email email@example.com before making it public. This will give us time to patch it and keep users safe before the bad guys try to exploit it.
"Researcher did not notify KDE team" What a shit and what a strange excuse.
But please, make KDE safer and stay that way, because I really like it.
@kde sucks Penner just wanted props before defcon. I hope its not too much hassle for you.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!