OpenClaw is a technology platform tracked across 50 threat clusters and 103 intelligence report mentions on ThreatCluster. First observed January 30, 2026; most recent activity July 17, 2026.
On July 11, 2026, multiple malicious versions of the jscrambler npm package were published, exploiting a compromised npm publishing credential. The affected versions (8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0) included…
In June 2026, Microsoft released its largest Patch Tuesday update, addressing 206 vulnerabilities, including critical flaws in Windows kernel and BitLocker. Notable CVEs include a zero-day in Visual Studio Code that…
A critical supply chain vulnerability in Claude Code’s GitHub Actions, identified by security researcher Ryota K from GMO Flat Security, allows attackers to compromise any repository using Anthropic’s CI/CD workflow.…
A critical remote code execution vulnerability, tracked as CVE-2026-3854, was discovered in GitHub's internal git infrastructure, allowing authenticated users to execute arbitrary commands via a crafted git push…
The AI tool OpenClaw has experienced a security incident stemming from a command injection vulnerability. This incident has raised concerns about the potential exploitation of the tool, which could affect various users…
OpenClaw, a crayfish-themed AI platform, has disclosed high-risk vulnerabilities, including CVE-2026-25253, which allows remote code execution via malicious links. The vulnerabilities pose significant risks to users,…
On May 8, 2026, China announced new guidelines for regulating AI agents due to rising security risks linked to open-source technologies, particularly OpenClaw. The Cyberspace Administration of China (CAC), along with…
The Infocomm Media Development Authority (IMDA) of Singapore issued an advisory on May 14, 2026, cautioning against the use of OpenClaw in mission-critical environments. OpenClaw, an AI tool released in November 2025 by…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
The rise of autonomous AI agents poses significant disinformation and cybersecurity risks in Southeast Asia, particularly following Meta's acquisition of Moltbook, an AI-driven social network. This incident led to the…