OpenClaw 2026.2.12 Release Patches 40+ Vulnerabilities in AI Agents
OpenClaw 2026.2.12 brings critical security fixes for over 40 vulnerabilities in its AI agent platform. It targets risks like exposed agents, RCE chains, and unsafe…
New ClickFix Attack Targets Windows Users with StealC Malware
A new wave of ClickFix attacks tricks Windows users into running StealC stealer malware through fake CAPTCHA pages on hacked websites. Victims think they complete…
CISA Flags Actively Exploited Microsoft SCCM SQL Injection Vulnerability CVE-2024-43468
CISA added CVE-2024-43468, a critical SQL injection flaw in Microsoft Configuration Manager (SCCM), to its Known Exploited Vulnerabilities catalog on February 12, 2026. Federal agencies…
Alleged OpenSea Zero-Day Exploit Chain Listed for $100,000 on Hacking Forum
A threat actor is allegedly offering a critical zero-day exploit chain targeting OpenSea for $100,000, payable in Bitcoin or Monero. The seller claims the vulnerability…
MacOS Users Targeted by Malware Through Claude AI Artifacts and Google Ads
A new malware campaign is using Google Search ads and public Claude AI artifacts to trick macOS users into running harmful commands in their Terminal.…
Google links suspected Russian actor to CANFAIL malware attacks on Ukrainian organisations
Google Threat Intelligence Group (GTIG) says a previously undocumented threat actor, likely tied to Russian intelligence, has used phishing to deliver a JavaScript backdoor called…
Global Defense Sector Faces Coordinated Cyberattacks from China, Russia, Iran & North Korea
Cybersecurity researchers at Google Threat Intelligence Group (GTIG) report that major state-linked hackers from China, Russia, Iran, and North Korea are actively targeting the global…
VoidLink: a modular, AI-assisted malware framework tied to UAT-9921 what defenders must know
Security teams are tracking a powerful new malware framework called VoidLink that targets Linux cloud environments and can give attackers long-term, stealthy control. Researchers say…
Malicious Chrome Extensions Exposed: Stealing Business Data, 2FA Codes, and Browser History
Security researchers have uncovered multiple malicious Google Chrome extensions that are abusing browser permissions to steal sensitive data. These include extensions aimed at Meta Business…
npm Overhauls Authentication to Reduce Supply Chain Risk but Attacks Still Possible
npm has completed a major update to how developers authenticate when publishing packages. The change aims to reduce the risk of supply chain attacks by…
November 21, 2025
1 comment 
