SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
CSO Online

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Malicious telnyx 4.87.1/4.87.2 on PyPI used audio steganography March 27, 2026, enabling cross-platform credential theft.
Palm Beach Post

OpenClaw Security Audit Finds 41% of Skills Have Vulnerabilities

ClawSecure’s analysis of 2,890+ popular OpenClaw agent skills reveals 9,515 security findings, with 30.6% rated HIGH or CRITICAL severity. ClawSecure found 41% of OpenClaw skills contain ...
Krebs on Security

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports ...
VentureBeat

Google clamps down on Antigravity 'malicious usage', cutting off OpenClaw users in sweeping ToS enforcement move

Google caused controversy among some developers this weekend and today, Monday, February 23rd, after restricting their usage of its new Antigravity "vibe coding" platform, alleging "maliciously usage.
SDxCentral

OpenClaw developer Peter Steinberger joins OpenAI to accelerate agentic vision

Peter Steinberger, the developer behind the OpenClaw system that lets AI agents coordinate workflows, has joined OpenAI. In a blog post detailing the move, Steinberger said the switch represented the ...
Bleeping Computer

New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks ...