The OpenClaw autonomous AI agent has achieved explosive growth, but its rapid rise has triggered a major security crisis. China's MIIT and CNCERT have issued urgent warnings following the discovery of over 40,000 exposed instances of the software online. The highest density of these exposed instances was located in China, followed by the US and Singapore.

Read More: https://www.security.land/china-openclaw-ai-security-alert-cve-2025-11251/

#SecurityLand #GeoSphere #China #OpenClaw #AI #SecurityVulnerability #CVE

China Issues Security Alert on OpenClaw AI Agent

The Ministry of Industry and Information Technology (MIIT) has issued an urgent warning against the open-source AI agent OpenClaw. Due to severe "default configuration" risks and hijacking flaws, government agencies and major banks have been ordered to restrict its use.

Security Land | Decoding the Cyber Threat Landscape
“ClawJacked” Vulnerability Allows Malicious Websites to Take Control of OpenClaw

Oasis Security discovered a vulnerability in the popular OpenClaw agentic AI software that allows websites to silently brute-force access to a locally running instance and take it over.

Privacy Guides
Notepad++’s New Update System is “Robust and Effectively Unexploitable”

Notepad++ has released a blog post describing the security enhancements they’ve made since the state-sponsored hack earlier this month, highlighting their new “double lock” update mechanism.

Privacy Guides

[en] Serious security vulnerabilities in cloud-based password managers: #Bitwarden, #Lastpass, #Dashlane

The research team of Prof. Paterson found cryptographic technologies from the 90s. "We were surprised by the severity of the security vulnerabilities".

In most cases, the researchers were able to gain access to the passwords – and even make changes to them.

https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html

Aside from this research paper, recommended password managers often include #KeePassXC and/or #KeePassDX for Android or #KeePassium for iOS. Also, it's usually a good idea to store only accounts and passwords that are really necessary on the go, especially on mobile devices.

#password #passwordmanager #cloudbased #security #ictsecurity #securityvulnerability #ethz

Password managers less secure than promised

Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords. 

ETH Zurich
Bluetooth Exploit Leaves Hundreds of Millions of Accessories Vulnerable to Full Takeover

Researchers have discovered a vulnerability in Google Fast Pair, dubbed WhisperPair, that leaves affected accessories open to being fully controlled by an attacker.

Privacy Guides
Trail of Bits Exposes Vulnerabilities in Agentic Browsers, Compares to Cross-Site Scripting

Security research and consulting firm Trail of Bits analyzed agentic AI in browsers and found vulnerabilities that resemble cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

Privacy Guides

2025 cyber recap: React2Shell hit CVSS 10.0, the first AI attack emerged, but only 23% paid ransoms. Law enforcement seized $320M across 20 operations. 2025 pushed cybersecurity to its limits. Our analysis covers top data breaches, critical vulnerabilities, and what 2026 demands.

Read More: https://www.security.land/2025-cybersecurity-year-in-review/

#SecurityLand #News #YearInReview #Cybersecurity #InfoSec #ThreatIntelligence #Ransomware #AI #DataBreach #CyberDefense #CISO #SecurityVulnerability #LawEnforcement #LEA #Government

2025 Cyber Year in Review: AI Attacks, Breaches & Takedowns

From React2Shell's perfect CVSS 10.0 score to the first autonomous AI cyberattack, 2025 pushed cybersecurity to its limits. This comprehensive analysis covers the top 10 breaches, critical vulnerabilities, why ransomware economics is slowly collapsing and big LEA operations against cybercriminals.

Security Land | Decoding the Cyber Threat Landscape

Analysis of CVE-2025-14733, a critical WatchGuard Firebox security vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.

#SecurityLand #CyberWatch #ZeroDay #Watchguard #SecurityVulnerability #Firewall #CVE

Read More: https://www.security.land/watchguard-cve-2025-14733-critical-vulnerability-analysis/

Inside CVE-2025-14733: The Unauthenticated RCE Hitting WatchGuard Firewalls

Analysis of CVE-2025-14733, a critical WatchGuard Firebox vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.

Security Land | Decoding the Cyber Threat Landscape

A critical security vulnerability tracked as CVE-2025-55182 has just been flagged and may affect Vietnamese businesses that use websites, APIs and digital portals. Experts recommend that businesses review their systems, update software promptly and strengthen cybersecurity monitoring to prevent attacks.

#Cybersecurity #AnNinhMang #CVE202555182 #BaoMatThongTin #DoanhNghiep #SecurityVulnerability #LỗHổngBảoMật #CảnhBáoAnNinhMạng

https://vietnamnet.vn/chuyen-gia-khuyen-nghi-doanh-nghiep-vi

Ivanti Endpoint Manager faces four security vulnerabilities, including a critical 9.6 CVSS flaw. Updates now available for EPM users.

#SecurityLand #CyberWatch #SecurityVulnerability #Ivanti #EPM #CVSS #CVE #XSS

Read More: https://www.security.land/critical-flaws-ivanti-epm-endpoint-management/

Critical Flaws Discovered in Ivanti EPM Endpoint Management Software

Security Land | Decoding the Cyber Threat Landscape