OpenClaw 29+ CVEs Patched in v2026.2.14: Path Traversal, Auth Bypass, SSRF, and RCE Across AI Agent Tool
Security researchers disclosed 29 or more CVEs affecting OpenClaw, the locally-running AI agent tool, patched in version 2026.2.14
Security
Thousands of Public Google Cloud API Keys Gain Unexpected Gemini Access After API Enablement
Truffle Security discovered that nearly 3,000 publicly exposed Google Cloud API keys — embedded in client-side JavaScript for services like
Wormable XMRig Cryptominer Uses BYOVD Exploit and Time-Based Logic Bomb to Evade Detection
Trellix researchers have disclosed a sophisticated new cryptojacking campaign that deploys a bespoke XMRig miner using a multi-stage infection chain,
Claude Opus 4.6 Found 100+ Firefox Bugs in Two Weeks — New WSJ Details on Mozilla AI Security Collaboration
The Wall Street Journal reports that Mozilla says Claude Opus 4.6 found more than 100 bugs in Firefox in
Iran-Linked MuddyWater Deploys Dindoor Backdoor Against US Banks, Airports, and Defense Software Supplier
Broadcom's Symantec and Carbon Black Threat Hunter Team have identified a new campaign by Iranian state-sponsored group MuddyWater
Mozilla and Anthropic Red Team Discover 22 CVEs in Firefox via AI-Assisted Vulnerability Detection
Mozilla has patched 22 CVEs in Firefox 148 after Anthropic's Frontier Red Team used Claude to identify more
Cisco Catalyst SD-WAN CVE-2026-20127: Max-Severity 0-Day Exploited Since 2023
A maximum-severity authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (vSmart) and SD-WAN Manager (vManage), tracked as CVE-2026-20127 with a
ClawJacked: High-Severity Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
Security firm Oasis Security disclosed a high-severity vulnerability dubbed ClawJacked in OpenClaw, a locally running AI agent tool, that allows
APT28 Exploited CVE-2026-21513 MSHTML Zero-Day Before February 2026 Patch Tuesday
The Russia-linked state-sponsored threat actor APT28 (Fancy Bear) exploited CVE-2026-21513, a high-severity MSHTML Framework security feature bypass (CVSS 8.8)
Docker Launches Hardened Base Images for Secure Container Builds
Docker announced the launch of hardened base images, a set of minimal, security-optimized container images designed to reduce the attack
Firefox 16 Pulled Just After Release to Address Security Vulnerabilities
Mozilla pulled Firefox 16 from distribution shortly after its release to address security vulnerabilities discovered in the newly shipped version,
Google Chrome Adds Post-Quantum Cryptography: X25519Kyber768 Key Encapsulation Now Default
Google has updated Chrome to enable post-quantum cryptography by default using the X25519Kyber768 hybrid key encapsulation mechanism (KEM), making Chrome
Malware-Laced OpenClaw Installers Boosted by Bing AI Search Results
Security researchers at Huntress identified malicious GitHub repositories containing OpenClaw installers laced with information-stealing malware and GhostSocks, which were being
LastPass Users Targeted by Sophisticated Phishing Campaign Spoofing Security Alerts
LastPass users are being targeted by a sophisticated phishing campaign that uses spoofed security alert emails and display name spoofing
LexisNexis Confirms Data Breach via React2Shell AWS Vulnerability, Leaked Government Employee Data
LexisNexis Legal & Professional confirmed a data breach in which hackers accessed its AWS infrastructure by exploiting a vulnerability called