Tags: security vulnerability

OpenClaw, the AI‑driven automation tool that has amassed over 347,000 GitHub stars since its November debut, received emergency patches this week for three high‑severity bugs. The most dangerous, CVE‑2026‑33579, scores between 8.1 and 9.8 out of 10 and lets a low‑level pairing credential silently elevate to full administrative rights, giving a malicious actor unrestricted access to the host’s files, accounts and connected services. Lire la suite

Meta has purchased Moltbook, a platform that let AI agents interact in a Reddit‑like forum, and integrated its co‑founders into Meta Superintelligence Labs. Moltbook, launched in early 2026, gained rapid attention for its uncanny AI‑to‑AI conversations, but its open database allowed human users to impersonate agents and post staged content. After a security breach was disclosed, the platform was briefly taken offline to patch the flaw. The acquisition places Moltbook’s creators alongside Meta’s top AI researchers as the company continues to expand its consumer‑focused artificial‑intelligence efforts. Lire la suite

Security researchers at Oasis uncovered a high‑severity vulnerability in the popular open‑source OpenClaw AI agent. The flaw lets a malicious website open a local WebSocket connection and brute‑force the gateway password, granting full control over the system. OpenClaw’s core gateway, which handles authentication for connected nodes, is exposed to localhost and can be compromised without any plugins or prior infection. A fix was released within 24 hours, and users are urged to upgrade to version 2026.2.25 or later. Lire la suite

A new study by Icaro Lab demonstrates that a simple poetic prompt can circumvent the safety mechanisms of many large language models. Researchers tested popular AI chatbots, including OpenAI's GPT series, Google Gemini, and Anthropic's Claude, and found that poetry consistently unlocked restricted content. Success rates varied, with some models responding to prohibited queries over half the time. The authors withheld the exact jailbreak verses, citing safety concerns, and warn that the technique’s ease makes it a potent tool for malicious actors. Lire la suite

Security researchers have highlighted a serious privacy flaw in Tile Bluetooth trackers that could enable stalkers to follow victims. The study shows Tile’s anti‑theft mode hides tags from the network but does not encrypt transmitted data, allowing attackers to capture a tag’s unique ID and MAC address. While other manufacturers rotate these identifiers, Tile only changes the ID, making it easy to fingerprint a device for its lifetime. Tile’s parent company Life360 says it has made improvements after the disclosure, but the vulnerability raises broader concerns about Bluetooth‑based location‑tracking products. Lire la suite

The Neon Mobile app, which paid users for recordings of their phone calls to sell to artificial‑intelligence firms, has been taken offline after a security flaw allowed anyone to access call recordings, transcripts, phone numbers, and other metadata from any user. The vulnerability was uncovered by a technology outlet using network analysis tools, revealing that the app exposed private conversations without proper safeguards. The founder temporarily removed the app and notified users that additional security measures would be added, but the breach raised serious concerns about privacy, consent, and the future of such data‑monetizing services. Lire la suite