The Hacker News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...
NYU Tisch School of the Arts

ITP/IMA Summer 2026 Course Offerings Announced

Visiting students can Apply for the summer term. For better or worse humanity is heading down the virtual rabbit hole. We’re ...
CPO Magazine

Security Research Finds OpenClaw AI Agent “Trivially Vulnerable” to Hijacking

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...
CSO Online

Your personal OpenClaw agent may also be taking orders from malicious websites

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that ...

OpenClawd Releases Major Platform Update as OpenClaw Surpasses React With 250,000 GitHub Stars

The Clawdbot AI Assistant Now Has More GitHub Stars Than React. OpenClawd Wants to Make Sure You Can Actually Run It. NEW ...
SecurityWeek

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data ...

OpenClaw has yet another major security flaw - here's what we know about 'ClawJacked'

Don't leave your OpenClaw with an easy password ...

爆红AI正在失控?深剖OpenClaw背后的安全风险!

幻觉问题会导致AI行为的不可预测性,即使是正常功能也可能在特定条件下失控。近期发生的一起真实事件印证了这一点:Meta的AI安全专家在使用OpenClaw整理邮箱时,该智能体无视连续三次的“停止”指令,疯狂删除了数百封邮件,充分展示了高权限AI在失控时的巨大破坏力。
Techzine Europe

Flaw in OpenClaw allows complete takeover of AI agent

A serious vulnerability in the open-source AI agent OpenClaw made it possible for arbitrary websites to take complete control ...
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...
腾讯网

预警:OpenClaw Gateway现高危漏洞,请立即升级至2026.2.25或更高版本

PANews 3月2日消息,GoPlus中文社区发布预警,OpenClaw ...