https://www.bleepingcomputer.com/news/security/zero-day-bug-in-kde-4-5-executes-commands-by-opening-a-folder/

An unpatched zero-day vulnerability exists in KDE 4 & 5 that could allow attackers to execute code simply by tricking a user into downloading an archive, extracting it, and then opening the folder.

BleepingComputer has been contacted by security researcher Dominik Penner about a new vulnerability that he disclosed for the Linux KDE desktop environment.