OpenClaw integrates VirusTotal Code Insight scanning for ClawHub skills following reports of malicious plugins, prompt injection & exposed instances.

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

A security audit found 341 malicious ClawHub skills abusing OpenClaw to spread Atomic Stealer and steal credentials on macOS ...

Malicious actors are now injecting malicious codes into legitimate projects to steal digital assets from unsuspecting users. According to reports, cybersecurity researchers have uncovered a ...

A malicious package recently uploaded to the Python Package Index (PyPI) is the latest manifestation of the growing sophistication of software supply chain threats. Security researchers at JFrog ...

A new report out today from cloud-native application security firm Sysdig Inc. details one of the first instances of a large language model being weaponized in an active malware campaign. Discovered ...

However, stealing session cookies is not novel, as infostealers and adversary-in-the-middle phishing attacks commonly target them. While stealing cookies to breach accounts is not a new concept, the ...

Two critical remote code execution vulnerabilities in the Model Context Protocol (MCP) ecosystem have laid bare the hidden risks lurking in what's quickly becoming AI's new backbone infrastructure.

A new pair of malicious Visual Studio Code extensions capable of harvesting screenshots, browser sessions and stored credentials has been discovered by cybersecurity researchers. The extensions, ...

A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive ...