Coverage
Vulnerabilities
754 articles on vulnerability disclosures and exploits
OpenClaw Hijacking Vulnerability: How Malicious Sites Control AI Agents
A critical vulnerability in the OpenClaw AI gateway allows malicious websites to hijack local AI agents via WebSocket connections and password brute-forcing.
Chrome Gemini Live Hijacking: Malicious Extension Vulnerability
A vulnerability in Google Chrome’s Gemini Live AI assistant allowed malicious extensions to hijack sessions and steal user files. Learn more about the impact.

SD-WAN Zero-Day and Smart TV Proxy SDK Vulnerabilities Recap
Technical analysis of recent SD-WAN zero-day exploits and Smart TV proxy SDK risks, detailing how network infrastructure is increasingly targeted.
Wireshark 4.6.4 Patch Fixes Dissector Vulnerabilities — Update Guide
Wireshark 4.6.4 addresses multiple dissector vulnerabilities, including CVE-2025-1811 and CVE-2025-1812, which could lead to application crashes.

APT28 Exploits CVE-2026-21513: MSHTML 0-Day Intelligence
Akamai reports Russia-linked APT28 exploited CVE-2026-21513 in the MSHTML Framework as a zero-day before Microsoft's February 2026 security patch updates.
CVE-2025-24036: Critical RCE in Ivanti Connect Secure — Patch Now
Exploit analysis of CVE-2025-24036 in Ivanti Connect Secure and Policy Secure. Learn to detect unauthenticated RCE attempts and apply mitigation strategies.
ClawJacked Vulnerability in OpenClaw AI Agent Enables Data Hijacking
Analysis of the ClawJacked attack where malicious websites can hijack local OpenClaw instances to steal sensitive LLM API keys and private conversation data.

ClawJacked: Hijacking Local OpenClaw AI Agents via WebSocket
A high-severity vulnerability in the OpenClaw AI gateway allows malicious websites to take control of local AI agents by exploiting WebSocket flaws.

900+ Sangoma FreePBX Servers Compromised via Web Shell Exploitation
Over 900 Sangoma FreePBX instances are currently infected with web shells following a command injection campaign first observed in late 2025.
Addressing Enterprise Risk in Third-Party Software Patching
Analyze the security risks of third-party software drift and learn why automated patch management is essential for reducing the modern attack surface.
CISA Warns of RESURGE Malware Persistence on Ivanti Devices
CISA details RESURGE, a sophisticated implant exploiting CVE-2025-0282 in Ivanti Connect Secure, capable of remaining dormant to bypass detection and recovery.
Juniper PTX Routers Face Critical RCE via Junos OS Evolved Flaw
Juniper Networks patches a critical 9.8 CVSS RCE vulnerability (CVE-2024-21602) in PTX Series routers. Learn the technical details and mitigation steps.