Threat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens. According to a disclosure by OX Security, the campaign involves fake “CLAW” token airdrops that promise thousands of dollars in rewards. Developers are being tricked into malicious GitHub repositories and discussions,…
Tag: OpenClaw’s
OpenClaw Flaw Enables AI Log Poisoning Risk
A vulnerability has been identified in OpenClaw’s AI assistant that could allow attackers to insert crafted content into system logs. The flaw stems from how certain WebSocket headers were logged, creating a potential log poisoning risk in AI-assisted workflows. “This issue is primarily an indirect prompt injection risk and depends on downstream log consumption behavior.…
