Login Subscribe

Vulnerabilities & Exploits

OpenClaw AI Agent Vulnerable to Prompt Injection, Enables Code Execution and Data Theft

OpenClaw AI Agent Vulnerable to Prompt Injection, Enables Code Execution and Data Theft

A recent security analysis uncovered that the OpenClaw AI agent does not properly sanitize user prompts. Attackers can embed malicious instructions within seemingly benign queries, causing the agent to execute arbitrary system commands and retrieve sensitive files. The flaw enables both remote code execution and data exfiltration through crafted prompts

Critical Android Lock‑Screen Bypass Exploits Timing Flaw

Critical Android Lock‑Screen Bypass Exploits Timing Flaw

Malwarebytes has disclosed a critical Android vulnerability that leverages a timing flaw in the lock‑screen implementation. By carefully synchronizing input events, an attacker can trigger the bypass routine and unlock the device in under a minute, regardless of PIN, pattern, or biometric protection. The exploit grants full, untrusted access

Surge in SSH Brute‑Force, CVE‑2026‑1234 Exploits, and IoT Botnets Forces New Defenses

The ISC Stormcast episode from March 12 reported a sharp rise in automated SSH brute‑force attempts across multiple regions, a fresh wave of exploitation targeting the newly disclosed CVE‑2026‑1234 vulnerability, and an uptick in botnet activity that is specifically hunting insecure IoT devices. The SSH attacks are

Critical Android Lock‑Screen Race Condition Lets Malware Bypass 12‑13 Security

Critical Android Lock‑Screen Race Condition Lets Malware Bypass 12‑13 Security

A new critical flaw uncovered by Malwarebytes exploits a race condition in Android’s UI handling code. The bug allows a malicious app to take control of the lock‑screen workflow on unmodified devices running Android 12 or 13, bypassing PIN, password, or biometric protection in under a minute after

Iran‑Backed Wiper Hits Stryker’s Legacy Systems, Threatens MedTech Production

A group claiming affiliation with Iran launched a destructive wiper campaign against Stryker, a major medical‑technology manufacturer. The attackers exploited previously unknown vulnerabilities in the company’s legacy device‑management infrastructure, deploying custom wiping payloads that overwrote firmware and erased critical patient‑related data across production lines. The incident

Microsoft Authenticator Leak Exposes MFA Codes Until App Update

Microsoft Authenticator Leak Exposes MFA Codes Until App Update

A vulnerability was discovered in the Microsoft Authenticator mobile app that could unintentionally reveal the time‑based one‑time passwords (TOTPs) it generates. The flaw allowed the codes to be displayed in clear text under certain conditions, making them accessible to anyone with physical or remote access to the device

Critical Android Graphics Driver Flaw Lets Attackers Bypass Lock Screen in Seconds

Critical Android Graphics Driver Flaw Lets Attackers Bypass Lock Screen in Seconds

Malwarebytes has identified a critical zero‑day vulnerability in Android’s graphics driver stack. By delivering a specially crafted image or malicious app, an adversary can trigger the bug and force the device to unlock in under a minute, bypassing PIN, password, or biometric protections without user interaction. The flaw

New Android Lock‑Screen Bypass Exploits Biometric Pathway, Gives Full Device Access

New Android Lock‑Screen Bypass Exploits Biometric Pathway, Gives Full Device Access

A recently disclosed Android flaw lets an attacker sidestep the lock screen by corrupting the biometric authentication flow. By injecting crafted data into the fingerprint/face‑unlock subsystem, the exploit can unlock the device without any user interaction, effectively granting the attacker the same privileges as the legitimate owner. The