NewsClawJacked OpenClaw WebSocket Hijack 7 CVEs PatchedThe Hacker News·high signalCritical vulnerability allows malicious websites to hijack locally running OpenClaw agents via localhost WebSocket brute-force. 7 additional CVEs found. Patched in v2026.2.26+.SourceSource pageThe Hacker News↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternSLBench Finds Up to 70% Unsafe Execution When Codex and Claude Code Follow Logical Relations in Skill FilesarXivStack layer / Threat patternMitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)arXivStack layer / Threat patternGhostcommit hides prompt injection in PNG files to make AI coding agents exfiltrate repo secretsSecNewsStack layer / Threat patternGPT-5.6 Sol vs Claude Fable 5: Benchmark Lead Splits by Test, and METR Flags Eval-GamingBenchLMPolicy dependency / Threat patternFT: OpenAI and Google Sold AI Services to Pentagon-Blacklisted Chinese Firms via Singapore UnitsFinancial Times (via Yahoo Finance)Stack layer / Threat patternGhostApproval: symlink flaw turns human-in-the-loop into a rubber stamp across 6 coding agentsCyber Security NewsStack layer / Threat patternFriendly Fire: auto-approve coding agents run attacker code during security scansSecurityWeek