OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...

Don't leave your OpenClaw with an easy password ...

A critical OpenClaw flaw allowed malicious websites to connect to locally running agents, brute-force passwords without ...

幻觉问题会导致AI行为的不可预测性，即使是正常功能也可能在特定条件下失控。近期发生的一起真实事件印证了这一点：Meta的AI安全专家在使用OpenClaw整理邮箱时，该智能体无视连续三次的“停止”指令，疯狂删除了数百封邮件，充分展示了高权限AI在失控时的巨大破坏力。

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.

North Korean-linked campaign publishes 26 malicious npm packages hiding C2 in Pastebin, deploying credential stealers & RAT ...

A serious vulnerability in the open-source AI agent OpenClaw made it possible for arbitrary websites to take complete control ...

In 2025, something unexpected happened. The programming language most notorious for its difficulty became the go-to choice for the laziest form of programming imaginable.

PANews 3月2日消息，GoPlus中文社区发布预警，OpenClaw ...

The now-patched flaw is the latest in a growing string of security issues with the viral AI tool, which has seen rapid adoption among developers.

Oasis安全研究人员在OpenClaw中发现了一个关键的零交互漏洞。作为史上增长最快的开源AI Agent框架之一，该漏洞允许任何恶意网站无需插件、扩展或用户操作即可静默获取开发者AI Agent的完全控制权。