OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...

Oasis安全研究人员在OpenClaw中发现了一个关键的零交互漏洞。作为史上增长最快的开源AI Agent框架之一，该漏洞允许任何恶意网站无需插件、扩展或用户操作即可静默获取开发者AI Agent的完全控制权。

OpenClaw修复了一个高危安全漏洞ClawJacked，该漏洞可能允许恶意网站通过WebSocket连接到本地运行的AI代理并获取控制权。攻击者可利用JavaScript暴力破解网关密码，注册为受信任设备，完全控制AI代理。此外，ClawHub平台发现71个恶意技能包，部分伪装成加密货币工具实施诈骗。微软建议将OpenClaw视为不可信代码执行环境，仅在完全隔离的环境中部署。

A：ClawJacked是OpenClaw中的一个高严重性安全漏洞，允许恶意网站通过WebSocket连接到本地运行的AI智能体并接管控制权。攻击者可以通过暴力破解密码、注册为受信任设备，最终获得对AI智能体的完全控制权，包括转储配置数据、读取日志等。

OpenClaw is in the news again for another serious security issue. Security researchers from Oasis Security discovered a ...

The thick client is making a comeback. Here’s how next-generation local databases like PGlite and RxDB are bringing ...

Oasis Security, the identity security platform, today released new threat research exploring a vulnerability chain in ...

Introduction: The Evolution of Browser Security For two decades, the web browser served as the primary security frontier for digital interactions. The logic was clear: the browser represented the lens ...