Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.

Security researchers at Noma Labs found a critical flaw in Context7, a widely used tool that feeds AI coding assistants documentation, allowing attackers to plant ...

A malicious npm package disguised as a legitimate AI tool to install the virally popular OpenClaw, but designed to steal system passwords and crypto wallets, has been identified by cybersecurity ...

Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface A new ...

GhostClaw poses as an OpenClaw installer package, stealing system credentials and sensitive data before deploying a persistent RAT.

A newly discovered InstallFix campaign relies on malicious commands on cloned installation webpages to trick victims into installing malware.

Powered by the TypesScript-native runtime Bun, Electrobun improves Electron with a smaller application footprint and built-in update mechanisms.

For agents, the value is clearer still: structured JSON output, reusable commands and built-in skills that let models ...

Google releases a Workspace CLI that lets AI agents like OpenClaw connect with Gmail, Drive, Docs, and other Workspace APIs ...

ClawSecure's analysis of 2,890+ popular OpenClaw agent skills reveals 9,515 security findings, with 30.6% rated HIGH or ...

More OpenClaw security woes. Huntress researchers say bad actors convinced users to download a bogus installer for the AI personal assistant that deployed infostealers by hosting it in a malicious ...