SecurityWeek

OpenClaw Vulnerability Allowed Malicious Websites to Hijack AI Agents

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data ...

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
腾讯网

预警:OpenClaw Gateway现高危漏洞,请立即升级至2026.2.25或更高版本

PANews 3月2日消息,GoPlus中文社区发布预警,OpenClaw ...
Techzine Europe

Flaw in OpenClaw allows complete takeover of AI agent

A serious vulnerability in the open-source AI agent OpenClaw made it possible for arbitrary websites to take complete control ...
腾讯网

OpenClaw 0-Click漏洞致恶意网站可劫持开发者AI Agent

Oasis安全研究人员在OpenClaw中发现了一个关键的零交互漏洞。作为史上增长最快的开源AI Agent框架之一,该漏洞允许任何恶意网站无需插件、扩展或用户操作即可静默获取开发者AI Agent的完全控制权。
至顶网

智能体劫持

OpenClaw修复了一个高危安全漏洞ClawJacked,该漏洞可能允许恶意网站通过WebSocket连接到本地运行的AI代理并获取控制权。攻击者可利用JavaScript暴力破解网关密码,注册为受信任设备,完全控制AI代理。此外,ClawHub平台发现71个恶意技能包,部分伪装成加密货币工具实施诈骗。微软建议将OpenClaw视为不可信代码执行环境,仅在完全隔离的环境中部署。
The Hacker News

North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT via 31 Vercel deployments.
Infosecurity Magazine

ClawJacked Bug Enables Covert AI Agent Hijacking

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw ...