The WAV file is a valid audio file. It passes MIME-type checks. But the audio frame data contains a base64-encoded payload. Decode the frames, take the first 8 bytes as the XOR key, XOR the rest, and you have your executable or Python script.
The long-dormant DR-DOS.com website is alive again, and DR-DOS 9.0 is in development. There have been six preliminary releases so far this year. The current work-in-progress version is version 9.0.291. This is not the same OS as the DOS-compatible OS that Digital Research developed back in the 1980s, working on the basis of its multitasking multiuser Concurrent DOS OS.
"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."
The vulnerability, uncovered by researchers at security outfit Cyera, carries a CVSS score of 10.0 and has been dubbed "ni8mare" for good reason. Tracked as CVE-2026-21858, the flaw allows an unauthenticated attacker to execute arbitrary code on vulnerable systems, effectively handing over complete control of the affected environment. There is no workaround other than patching, and users are urged to upgrade to n8n version 1.121.0 or later.
The issue sits in the management interface's HTTP handling and can be triggered without logging in. "This vulnerability is due to improper validation of user-supplied input in HTTP requests," Cisco explains in its advisory. "An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device." Given how often those interfaces are reachable over internal networks or VPNs, it's not hard to see why attackers have noticed.
