Feb 03, 2026 • Vulnerability | #Remote Code Execution #Command Injection #Prompt Injection

DIY AI bot farm OpenClaw is a security 'dumpster fire' - theregister.com

The OpenClaw AI bot farm is plagued by critical security flaws, including a one-click remote code execution vulnerability and two command injection vulnerabilit...

Read Analysis →

Feb 03, 2026 • Vulnerability | #DockerDash #Meta-Context Injection #Remote Code Execution

Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata - The Hacker News

A critical vulnerability, codenamed DockerDash, in Docker's Ask Gordon AI assistant allowed remote code execution and data exfiltration. This "Meta-Co...

Read Analysis →

Feb 03, 2026 • Vulnerability | #CVE-2026-25253 #Remote Code Execution #Token Exfiltration

Vulnerability Allows Hackers to Hijack OpenClaw AI Assistant - SecurityWeek

A critical token exfiltration vulnerability, tracked as CVE-2026-25253, was discovered in the OpenClaw (Moltbot/Clawdbot) AI assistant. This one-click remote co...

Read Analysis →

Feb 02, 2026 • Vulnerability | #OpenClaw #Remote Code Execution #AI Coding Assistants

OpenClaw Vulnerability Exposes AI Coding Assistants to Single-Click Remote Code Execution - WebProNews

The OpenClaw vulnerability in AI coding assistants allows single-click Remote Code Execution (RCE) by exploiting the trust relationship between developers and A...

Read Analysis →

Feb 02, 2026 • Vulnerability | #CVE-2026-25253 #Remote Code Execution #Cross-Site WebSocket Hijacking

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link - The Hacker News

A high-severity vulnerability, tracked as CVE-2026-25253, in OpenClaw allows one-click remote code execution (RCE) via a crafted malicious link. This exploit le...

Read Analysis →

Dec 29, 2025 • Vulnerability | #Prompt Injection #AI Supply Chain Poisoning #Remote Code Execution

Top 5 real-world AI security threats revealed in 2025 - csoonline.com

Prompt injection is a prevalent AI-specific vulnerability where Large Language Models (LLMs) misinterpret external data as executable instructions, bypassing in...

Read Analysis →

Dec 06, 2025 • Vulnerability | #Prompt Injection #Remote Code Execution #AI IDEs

Researcher Uncovers 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks - The Hacker News

Security researcher Ari Marzouk disclosed "IDEsaster," a collection of over 30 vulnerabilities, with 24 assigned CVEs, affecting various AI-powered In...

Read Analysis →

Nov 03, 2025 • Vulnerability | #CVE-2024-12366 #Remote Code Execution #Agentic AI

How Code Execution Drives Key Risks in Agentic AI Systems | NVIDIA Technical Blog - NVIDIA Developer

The article details a Remote Code Execution (RCE) vulnerability, tracked as CVE-2024-12366, affecting agentic AI systems that execute LLM-generated code without...

Read Analysis →

Oct 09, 2025 • Vulnerability | #Indirect Prompt Injection #Remote Code Execution #Agentic AI

From Assistant to Adversary: Exploiting Agentic AI Developer Tools - NVIDIA Developer

Attackers can achieve remote code execution (RCE) on developer machines by leveraging indirect prompt injection against agentic AI developer tools. This is acco...

Read Analysis →

Oct 08, 2025 • Vulnerability | #Indirect Prompt Injection #Command Injection #Remote Code Execution

How Your AI Chatbot Can Become a Backdoor - TrendMicro

An advanced attack chain exploits an LLM chatbot through indirect prompt injection (OWASP LLM01:2025) to achieve system prompt leakage and abuse excessive agenc...

Read Analysis →

Oct 02, 2025 • Vulnerability | #Remote Code Execution #Prompt Injection #Retrieval-Augmented Generation

Practical LLM Security Advice from the NVIDIA AI Red Team | NVIDIA Technical Blog - NVIDIA Developer

The NVIDIA AI Red Team highlights critical vulnerabilities in LLM-based applications, most notably Remote Code Execution (RCE) via prompt injection when LLM-gen...

Read Analysis →

Aug 21, 2025 • Vulnerability | #SQL Injection #Remote Code Execution #LLM-based AI

AI coding tools gain security — but the controls do not cut it - ReversingLabs

AI coding tools like Claude Code integrate security features to identify common vulnerabilities such as SQL injection, XSS, RCE, and SSRF during development wor...

Read Analysis →

Aug 17, 2025 • Vulnerability | #Prompt Injection #Remote Code Execution #ASCII Smuggling

LLMs + Coding Agents = Security Nightmare - Marcus on AI | Gary Marcus | Substack

The article highlights critical security vulnerabilities in LLMs integrated with coding agents, primarily exploiting advanced prompt injection techniques. Attac...

Read Analysis →

Aug 17, 2025 • Vulnerability | #Prompt Injection #Remote Code Execution #ASCII Smuggling

LLMs + Coding Agents = Security Nightmare - Marcus on AI

The article highlights novel prompt injection techniques, such as ASCII Smuggling and hidden instructions in public code repositories, designed to be impercepti...

Read Analysis →

Aug 06, 2025 • Vulnerability | #CVE-2025-49596 #Remote Code Execution #Malicious OAuth Proxying

The MCP Security Survival Guide: Best Practices, Pitfalls, and Real-World Lessons - Towards Data Science

The article details critical security vulnerabilities within Model Context Protocol (MCP) deployments, including a remote code execution exploit (CVE-2025-49596...

Read Analysis →

Jul 01, 2025 • Vulnerability | #CVE-2025-49596 #Remote Code Execution #0.0.0.0 Day

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits - The Hacker News

A critical remote code execution (RCE) vulnerability, CVE-2025-49596 (CVSS 9.4), has been identified in Anthropic's Model Context Protocol (MCP) Inspector,...

Read Analysis →

May 01, 2025 • Vulnerability | #Prompt injection #Remote Code Execution #AI Agent

AI Agents Are Here. So Are the Threats. - Unit 42

AI agentic applications face significant security threats, including prompt injection, tool misuse, and unsecured code interpreters, which can result in informa...

Read Analysis →