ClawHub Scope Squatting Lets Plugins Masquerade as Official OpenClaw Integrations
A supply-chain weakness in ClawHub’s plugin registry that allowed third-party packages to squat under organizational scopes and inherit first‑party credibili...
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
338 articles found
A supply-chain weakness in ClawHub’s plugin registry that allowed third-party packages to squat under organizational scopes and inherit first‑party credibili...
The UK’s data protection regulator the information commissioner has resigned after his position became “untenable”
Longtime security leader Doug Kersten has expanded his list of responsibilities. As CISO of software maker Appfire, he now has accountability for business ri...
At Zenith Live 2026 held on 16-17 June in Vienna, Zscaler sharpened a reality that Southeast Asia CIOs and CISOs are already sensing, which are, AI agents ar...
FortiBleed exposed a massive campaign that made billions of login attempts against Fortinet VPNs, compromising organizations worldwide. FortiBleed wasn’t a t...
One of the world’s top ransomware groups has given its criminal affiliates access to advanced tools capable of successfully disabling many of today’s enterpr...
AI-powered attacks are the biggest cybersecurity concern among security professionals. Forty-one percent identified AI-powered attacks at scale as their bigg...
AI agents can access data, trigger workflows, deploy code, and interact with critical business systems, often with little oversight. Token Security breaks do...
Writing on LinkedIn, Edwards said that while he has not agreed with how the investigation into him has been conducted, he has come to accept that his positio...
Microsoft is warning of a novel remote code execution (RCE) path possible through web-enabled AI agents, demonstrating the technique against AutoGen Studio, ...
A simple website flaw exposed members, political profiles, login tokens, and dating data from Peter Thiel ‘s secretive Dialog network. Dialog, a private invi...
A novel Windows-based cryptocurrency clipper that has been active since February 2026 and leverages Windows Script Host (WScript) and ActiveXObject calls to ...
Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine...
When a major cyber incident hits, all eyes are on the CISO. They become the invisible CEO of crisis, steering the entire enterprise through the storm, managi...
This new practice marks a shift because IP addresses are considered personal data under GDPR and UK law, requiring user consent for such uses.
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The...
Leaders need to know which suppliers matter most, and how quickly they can respond when one fails.
AI speeds investigations, but packet capture provides proof.
AWS Continuum for code vulnerabilities, a system built to handle a vulnerability across its lifecycle, from discovery through to a fix, is now available in g...
Legit Security has launched new remediation agents that independently prioritize issues, generate fixes, open pull requests, and confirm results using contex...