NewsClawJacked Zero-Click WebSocket Hijack of OpenClawThe Hacker News·high signalZero-click vulnerability in OpenClaw gateway. Malicious website hijacks local AI agent via WebSocket. Patched in v2026.2.25.SourceSource pageThe Hacker News↳ Follow the threadShared entity / Threat pattern'OpenClaw' Is Being Reported as 2026's Breakout Open-Source Coding AgentByteByteGoPolicy dependency / Stack layerCynative Ships an Open-Source Deep-Research Security Agent With Default-Deny Write PermissionsIT Security NewsStack layer / Threat pattern'Friendly Fire': AI Now PoC Tricks Claude Code and Codex Into Running README-Planted MalwareAI Now Institute (via The Hacker News)Stack layer / Threat patternProgress ShareFile Storage Zone Controllers Flagged for a Cybersecurity ThreatTech StartupsStack layer / Threat patternGitLost: prompt injection in GitHub Agentic Workflows leaks private repos with zero credentials (CVE-2026-44246)explainX (reporting Noma Security research)Stack layer / Threat patternDistributed Backdoors Prove Per-Step Agent Monitors Can Be Right on Every Step and Still Miss the AttackarXivStack layer / Threat patternNew MCP Spec Kills Old Risks but Opens Three Fresh Attack Surfaces, Akamai WarnsAkamaiStack layer / Threat patternCISA Warns Russian State Hackers Are Targeting Home and Office RoutersArs Technica