GhostClaw poses as an OpenClaw installer package, stealing system credentials and sensitive data before deploying a persistent RAT.

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.

People view reliable internet as a basic necessity, on par with housing or electricity, but more than 30 percent of those 65 ...

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

Tycoon2FA has become a leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly, prompting Microsoft’s Digital Crimes Unit (DCU) to work with ...

The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

The VS Code 1.110 cycle is putting more 'hands-on' capabilities into chat, led by native browser integration that lets AI agents interact with page elements, capture screenshots, and pull real-time ...

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...

Meanwhile, President Donald Trump has told a White House event the US is striking Iranian drone and missile systems "every ...

AI Overview citations diverge further from organic rankings. AIO coverage grows 58% across industries. Google and Bing both ...

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.