SourcesOpenClaw Security Crisis 341 Malicious Skills CVE-2026-25253The Hacker News·high signalCVE-2026-25253 CVSS 8.8 one-click RCE. 42665 exposed instances. 341 of 2857 ClawHub skills malicious (12%). 335 traced to coordinated ClawHavoc operation.SourceSource pageThe Hacker News↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternGhostcommit hides prompt injection in PNG files to make AI coding agents exfiltrate repo secretsSecNewsStack layer / Threat patternGhostApproval: symlink flaw turns human-in-the-loop into a rubber stamp across 6 coding agentsCyber Security NewsStack layer / Threat patternUnit 42: AI-agent npm packages become a prime supply-chain target in H1 2026Unit 42 (Palo Alto Networks)Policy dependency / Stack layerCodenotary ships AgentMon 3 for agent runtime policy and compliance loggingAI Agent StorePolicy dependency / Stack layerReason Less, Verify More: Deterministic Gates Catch a Silent Policy-Violation Failure in Tool-Using AgentsarXivThreat pattern / Follow-up threadPattern: Untrusted HTML Reaching an IDE — READMEs, Tool Descriptions, Browsed Pages — Is the New RCE Surface for Coding AgentsOX SecurityPolicy dependency / Stack layerFirst Recon AI ships AI Security Runtime GA — inline policy enforcement on every agent-to-agent and agent-to-tool callBusiness Wire