Web Security

OpenClaw Integrates VirusTotal Scanning to Identify Malicious ClawHub Skills

OpenClaw, previously known as Moltbot and Clawdbot, has announced a new security partnership with Google-owned VirusTotal to strengthen defenses across its skill marketplace, ClawHub. The move is aimed at reducing the growing risk of malicious skills entering the rapidly expanding agentic AI ecosystem. According to OpenClaw founder Peter Steinberger and collaborators Jamieson O’Reilly and Bernardo Quintero, every […]

China-Linked DKnife AitM Framework Targets Routers to Hijack Traffic and Deliver Malware

Cybersecurity researchers have uncovered a sophisticated adversary-in-the-middle framework named DKnife, which has been operated by China-linked threat actors since at least 2019. The framework is designed to compromise routers and edge devices, enabling large-scale traffic interception, credential theft, and targeted malware distribution. According to a report published by Cisco Talos, DKnife consists of multiple Linux-based implants

Malicious NGINX Configurations Power a Large-Scale Web Traffic Hijacking Campaign

Cybersecurity researchers have identified an active campaign in which attackers exploit NGINX installations and management platforms such as Baota (BT) Panel to hijack web traffic on a large scale. The operation manipulates web requests, routing them through infrastructure controlled by threat actors. Datadog Security Labs reported that the campaign leverages React2Shell (CVE-2025-55182, CVSS score: 10.0) exploits alongside malicious NGINX configurations to

China-Linked UAT 8099 Targets IIS Servers in Asia Using BadIIS SEO Malware

Cybersecurity researchers have uncovered a new malicious campaign attributed to a China-linked threat actor tracked as UAT 8099. The activity, observed between late 2025 and early 2026, targeted vulnerable Microsoft Internet Information Services servers across multiple Asian countries. The campaign was identified by Cisco Talos, which reported that the attacks primarily focused on IIS

Chainlit AI Framework Vulnerabilities Enable Data Theft via File Read and SSRF Bugs

Security researchers have disclosed high-severity vulnerabilities in the popular open-source AI framework Chainlit that could allow attackers to steal sensitive data and potentially move laterally inside affected environments. The issues were identified by Zafran Security and collectively named ChainLeak. According to the researchers, the flaws can be abused to leak cloud API keys, access sensitive server files, and perform server-side

Long-Running Web Skimming Campaign Steals Credit Card Data From Online Checkout Pages

Cybersecurity researchers have uncovered a large-scale web skimming operation that has remained active since January 2022, silently harvesting payment card data from compromised online checkout pages. The campaign targets organizations connected to major global payment networks, including American Express, Diners Club, Discover, JCB, Mastercard, and UnionPay. According to a newly published report by Silent

Critical AdonisJS Bodyparser Vulnerability (CVSS 9.2) Allows Arbitrary File Write on Servers

Users of the @adonisjs/bodyparser npm package are being urged to update immediately after the disclosure of a critical security vulnerability that could allow remote attackers to write arbitrary files on affected servers. The issue is tracked as CVE-2026-21440 and carries a CVSS score of 9.2, indicating high severity. According to project maintainers, the flaw stems from a path traversal vulnerability within AdonisJS’s

Critical n8n Flaw with CVSS 9.9 Allows Arbitrary Code Execution Across Thousands of Instances

Cybersecurity researchers have revealed a highly severe security flaw in the n8n workflow automation platform that could allow attackers to execute arbitrary code on vulnerable systems under specific conditions. The vulnerability is tracked as CVE-2025-68613 and has received a CVSS score of 9.9, placing it among the most critical software flaws disclosed this year. The issue was identified

React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Cybersecurity researchers have confirmed active exploitation of a critical security flaw known as React2Shell, with threat actors using it to deploy multiple Linux-based backdoors, including KSwapDoor and ZnDoor. The findings come from independent investigations conducted by Palo Alto Networks Unit 42 and NTT Security. According to Unit 42, KSwapDoor is a highly sophisticated remote

New React RSC Vulnerabilities Allow DoS Attacks and Source Code Exposure

The React development team has released security updates addressing two newly identified classes of vulnerabilities in React Server Components (RSC). If exploited, these weaknesses could allow attackers to trigger denial of service conditions or expose application source code, expanding the risk surface for environments already under pressure from recent React-related flaws. According to the React
