[ompogUe]

Not sure on their reasoning, but subtitle files _are_ an attack vector:

https://www.bleepingcomputer.com/news/security/fake-one-batt...

https://mashable.com/article/subtitles-hackers

[quietsegfault]

I mean, it’s sort of a vector. The malware itself can only be executed if you click a suspicious .lnk file. The moral here isn’t that subtitles are a “vector”, but to not indiscriminately run scripts.