InfoWorld

Compromised npm package silently installs OpenClaw on developer machines

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used ...
CSOonline

Six flaws found hiding in OpenClaw’s plumbing

Researchers say an AI-powered code scanner traced untrusted data across layers of OpenClaw, exposing exploitable weaknesses including SSRF, authentication bypass, and path traversal. Security ...
Infosecurity-magazine.com

Researchers Reveal Six New OpenClaw Vulnerabilities

OpenClaw has patched six new vulnerabilities in its popular agentic AI assistant, covering server-side request forgery (SSRF), missing authentication and path traversal bugs, according to Endor Labs.
Bleeping Computer

CISA warns of five-year-old GitLab flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in ...
CBS News

Shooters still on loose in 2 deadly attacks about 6 blocks apart on Chicago's Near West Side

The shooters remained at large Wednesday in two attacks that happened less than a mile apart on Chicago's Near West Side a day earlier. The first happened in a White Castle parking lot at Roosevelt ...
Boston Herald

Trump claims Putin agreed to temporary halt in energy attacks on Ukraine, but terms are unclear

KYIV, Ukraine (AP) — The terms of a Russian commitment to U.S. President Donald Trump to temporarily halt its bombardment of Ukraine during one of the country’s bleakest winters in years remained ...
New York Post

Trump says Putin agreed to a 1-week pause in Ukraine attacks after his personal phone request

President Trump personally implored Russian dictator Vladimir Putin to halt missile and drone strikes on Ukrainian cities for a week, as civilians face deadly cold and widespread blackouts caused by ...
The Escapist

Embark reveals DDoS attacks are causing ARC Raiders and The Finals server issues

ARC Raiders’ latest patch with many new meta events has dropped. And while the new big patch is causing various bugs and issues, it turns out it’s not entirely to blame. Hostile actors are attacking ...
clickondetroit.com

FOIA request uncovers 911 audio from before deadly Grand Blanc Township church attack

Grand Blanc Township, Mich. – Newly released 911 audio reveals that the gunman responsible for the deadly attack on a Mormon church in Grand Blanc Township attempted to divert law enforcement by ...
The Hacker News

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral ...
Infosecurity-magazine.com

Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps

Two security vulnerabilities disclosed in the Chainlit framework have drawn attention to the growing risks posed by traditional web flaws in AI application environments. The issues, discovered by ...
Dark Reading

Microsoft & Anthropic MCP Servers at Risk of RCE, Cloud Takeovers

The most popular trusted model context protocol (MCP) servers on the Web today contain severe cybersecurity vulnerabilities. The Internet of AI forming all around us is growing larger and more ...