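Rumor: there may be a 1-click RCE attack targeting @telegram Desktop, used by the Conti hacker group!
As a solution, I recommend using Nekogram (an unofficial app) and using a virtual machine. More details below.
Source ⬇️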

August 1, 2025
Possible targeted attack using 1-click RCE in Telegram Desktop.
Context:
I am the target of ongoing attacks and use an isolated environment (a virtual machine) to run desktop versions of Telegram. Recently, I encountered behavior indicating a possible use of a 1-click RCE exploit.
Timeline of events:
1. Initial interaction:
   • A contact sent me a message on Telegram.
   • In the Telegram sidebar (on the right), I saw that the user had their own channel.
   • I went to that channel — everything displayed normally, Telegram behaved as expected.
2. Subsequent interaction:
   • Some time later, the same user messaged me again.
   • I noticed that in the sidebar, instead of the previous channel name, there was now the label “channel deleted.”
   • This caught my attention enough that I clicked on that line (just to check if the channel was really deleted).
   • At that moment, Telegram Desktop suddenly restarted without any warning or error message.
3. Reaction:
   • Immediately after, I shut down the virtual machine without waiting to see what would happen next.
   • Fortunately, I had backups of my sessions and account, so there was no damage.
4. Confirmation:
   • Later, this user directly admitted to me that this was a targeted attack using 1-click RCE. I know this user and communicate with him from time to time — he is a member of Conti (Target). I monitor his channel. Every time, he deletes the chat with me and then is the first to initiate a conversation again. This is not the first targeted attack on me (unsuccessful so far).
Important details:
• I did not click any external links or open attachments.
• The only action was clicking on a deleted Telegram channel shown in the sidebar.
• This action triggered unpredictable client behavior — a spontaneous restart of Telegram Desktop.
Conclusion:
It is highly likely that a 1-click vulnerability was exploited related to content or metadata handling associated with Telegram channels (possibly in the preview or channel URL handler).
The attack was designed to trigger on a single user action — clicking a modified or fake Telegram interface element.
Telegram security best practices ⬇️

