LIVE THREATS
HIGH Malicious npm Package Targets Claude AI Users via Supply Chain Attack // HIGH Multi-Agent LLM System Discovers 29 Zero-Day Vulnerabilities in Open-Source Projects // HIGH Russia-Linked GreyVibe Weaponises ChatGPT and Gemini Across Full Attack Lifecycle // HIGH Russian GreyVibe Group Weaponises ChatGPT and Gemini for Cyberespionage // MEDIUM SQLite Bans Agentic Code Submissions as AI Bug Report Floods Begin // MEDIUM AI Bills of Materials Emerge as Critical Tool for ML Supply Chain Risk // HIGH Anthropic's Claude Mythos Autonomously Uncovers 10,000 Critical Software Flaws // HIGH LLM Coding Agents Collapse Under Structural Constraints, Study Finds // MEDIUM SentinelOne Prompt Security Targets Agentic AI Trust Verification Gap // MEDIUM Google's Gemini Spark Agent Raises Prompt Injection Risks at Enterprise Scale //
OPENCLAW

Openclaw

3 reports
All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning
Critical OpenClaw flaw lets low-privilege attackers silently seize full admin control
ATLAS OWASP CRITICAL Active exploitation · Immediate action required Ars Technica Security ▲ 9.2

Critical OpenClaw flaw lets low-privilege attackers silently seize full admin control

A critical privilege escalation vulnerability (CVE-2026-33579) in OpenClaw, a viral agentic AI tool, allowed attackers with the lowest-level pairing permissions to silently gain full administrative …

AML.T0012 - Valid Accounts AML.T0040 - ML Model Inference API Access AML.T0047 - ML-Enabled Product or Service