The Hacker News

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw patches ClawJacked flaw, log poisoning bug, and multiple CVEs as 71 malicious ClawHub skills spread malware and ...

Oasis Security Research Team Discovers Critical Vulnerability in OpenClaw

Oasis Security, the identity security platform, today released new threat research exploring a vulnerability chain in ...

CrafterCMS Releases MCP Server Plugin to Facilitate AI Application Development

New open source plugin embeds an MCP server into CrafterCMS, enabling AI agents to securely access content, APIs, and ...

New ‘Whop WooCommerce’ WordPress Plugin Adds Whop Checkout Options for WooCommerce Merchants

Plugin supports dynamic checkout pages, unlimited cart capacity, and data syncing for physical and digital product ...
Visual Studio Magazine

VS Code 1.110 Ships with Agent Plugins, Browser Tools and Session Memory

Visual Studio Code 1.110 (February 2026) adds new agent extensibility, browser-driving chat tools, and expanded chat accessibility.
The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.

OpenClaw has yet another major security flaw - here's what we know about 'ClawJacked'

Don't leave your OpenClaw with an easy password ...
ADTmag

Open VSX Hits 300 Million Monthly Downloads, and the Quiet Infrastructure Behind AI Coding Tools Gets a Stress Test

In the AI developer boom, some of the most important battlegrounds are not glamorous models or splashy chatbots. They are the quiet pipes that keep modern coding tools fed and up to date.
Dark Reading

Critical OpenClaw Vulnerability Exposes AI Agent Risks

The now-patched flaw is the latest in a growing string of security issues with the viral AI tool, which has seen rapid adoption among developers.

The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web

OpenClaw has sparked heavy Telegram and dark web chatter, but Flare's data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills ...
Security Boulevard

Palo Alto Networks Moves to Secure Agentic Endpoints with Koi Deal

Palo Alto Networks’ acquisition of Koi Security signals a strategic shift toward governing AI agents and extensions at the endpoint layer, as enterprises confront a new shadow infrastructure of ...

‘ChiChi Call’ viral video scam: How Ghost File fraud is targeting social media users

The ‘ChiChi Call' viral video trend targeting Vera Hill is a Ghost File scam. Experts warn that fake links use SEO poisoning and phishing pages to steal personal data and spread malware across social ...