OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...

Researchers with Truffle Security are warning that old and seemingly benign Google API keys might now be weaponized by threat actors after gaining Gemini AI authorization permissions, in a destructive ...

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...

In 2025, something unexpected happened. The programming language most notorious for its difficulty became the go-to choice ...

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.

Visiting students can Apply for the summer term. For better or worse humanity is heading down the virtual rabbit hole. We’re ...

Don't leave your OpenClaw with an easy password ...

A serious vulnerability in the open-source AI agent OpenClaw made it possible for arbitrary websites to take complete control ...

幻觉问题会导致AI行为的不可预测性，即使是正常功能也可能在特定条件下失控。近期发生的一起真实事件印证了这一点：Meta的AI安全专家在使用OpenClaw整理邮箱时，该智能体无视连续三次的“停止”指令，疯狂删除了数百封邮件，充分展示了高权限AI在失控时的巨大破坏力。

The now-patched flaw is the latest in a growing string of security issues with the viral AI tool, which has seen rapid adoption among developers.