Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors.
The post ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery appeared first on SecurityWeek.
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products.
The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 appeared first on SecurityWeek.
In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas.
The post In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws appeared first on SecurityWeek.
OpenAI Hit by TanStack Supply Chain Attack
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories.
The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.
Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsistent.
The post Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere appeared first on SecurityWeek.
G7 Countries Release AI SBOM Guidance
The goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains.
The post G7 Countries Release AI SBOM Guidance appeared first on SecurityWeek.
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed.
The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.
Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security.
The post Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means appeared first on SecurityWeek.
Google Detects First AI-Generated Zero-Day Exploit
The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group.
The post Google Detects First AI-Generated Zero-Day Exploit appeared first on SecurityWeek.
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
The company topped revenue and earnings forecasts for the first quarter of 2026, but its shares plunged more than 20%.
The post Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring appeared first on SecurityWeek.
