The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in ...

Hugging Face Repositories Abused in New Android Malware Campaign

Attackers exploited Hugging Face’s trusted infrastructure to spread an Android RAT, using fake security apps and thousands of ...
The Hacker News

Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users

A security audit found 341 malicious ClawHub skills abusing OpenClaw to spread Atomic Stealer and steal credentials on macOS ...

From Clawdbot to OpenClaw: This viral AI agent is evolving fast - and it's nightmare fuel for security pros

The breakneck speed of the personal AI assistant's evolution has prompted dire warnings from security researchers.
MIT Technology Review

Rules fail at the prompt, succeed at the boundary

Put rules at the capability boundary: Use policy engines, identity systems, and tool permissions to determine what the agent ...

AI agent admits it would kill a human to stop being shut down

An artificial intelligence-powered agent has admitted it would kill a human to stop itself from being shut down.

Researcher reveals evidence of private Instagram profiles leaking photos

A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not ...

Infostealers added Clawdbot to their target lists before most security teams knew it was running

RedLine, Lumma, and Vidar adapted in 48 hours. Clawdbot's localhost trust model collapsed, plaintext memory files sit exposed ...
Cyber Defense Magazine

Why Digital Asset Exchanges Remain Prime Targets For Cybercriminals

The hype around the exploits of centralized digital asset exchanges (CEX) and democratized digital asset exchanges (DEX) ...
Dark Reading

Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted

A new ransomware strain that entered the scene last year has poorly designed code and uses Hebrew language that might be a ...

Theorem wants to stop AI-written bugs before they ship — and just raised $6M to do it

Theorem raises $6 million to use AI-powered formal verification to mathematically prove AI-generated code is safe before it's deployed in critical systems.
CSO Online

SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams

Another round of critical Web Help Desk flaws highlights how SolarWinds’ legacy code and past breaches continue to haunt IT ...