Fintech Firm Figure Breached by ShinyHunters, Critical Flaws in OpenClaw AI and WordPress Emerge
Summary
In the past 24 hours, the cybersecurity landscape has been dominated by a significant data breach at fintech firm Figure Technologies, attributed to the ShinyHunters group after a social engineering attack. Concurrently, the popular OpenClaw AI framework is reeling from multiple critical vulnerabilities, including a zero-click RCE, prompting its founder to join OpenAI. Other major developments include a critical privilege escalation flaw in a WordPress plugin, a private key leak vulnerability in Python's cryptography library, and new malware campaigns attributed to Russian state actors targeting Ukraine. These incidents highlight persistent threats from social engineering, unpatched software, and insecure supply chains.
Today's New Articles
Critical Zero-Click RCE Flaw (CVE-2026-25253) Hits OpenClaw AI Agent Framework
A critical zero-click remote code execution (RCE) vulnerability, CVE-2026-25253, has been discovered in the widely-used OpenClaw AI Agent Framework. The flaw allows a remote attacker to gain complete control of a developer's machine with minimal to no user int...
OpenClaw Founder Peter Steinberger Joins OpenAI Amidst Project's Security Turmoil
Peter Steinberger, the creator of the popular but embattled OpenClaw open-source AI framework, has announced he is joining OpenAI. The move, confirmed by OpenAI CEO Sam Altman, will see Steinberger focus on building the "next generation of personal agents." Th...
Python 'cryptography' Library Flaw (CVE-2026-26007) Leaks Private Key Information
A significant vulnerability, CVE-2026-26007, has been disclosed in the widely-used Python 'cryptography' package. The flaw, which affects versions prior to 46.0.5, is due to improper input validation on public keys. An attacker can supply a specially crafted w...
Critical 9.8 CVSS Unauthenticated Privilege Escalation Flaw Hits WordPress Plugin
A critical unauthenticated privilege escalation vulnerability, CVE-2025-14892, has been disclosed in the Prime Listing Manager WordPress plugin. The flaw, affecting versions up to and including 1.1, has been assigned a CVSS score of 9.8, reflecting its extreme...
Google and Entrust Form Strategic Partnership for AI-Driven Identity Security
Global security provider Entrust and tech giant Google have announced a strategic collaboration to integrate their technologies for AI-driven identity verification. The partnership aims to develop advanced solutions to combat the growing threat of sophisticate...
Google Attributes New 'CANFAIL' Malware Attacks in Ukraine to Russian State Actor
Google's Threat Intelligence group has attributed a new malware campaign targeting Ukrainian organizations to a suspected Russian nation-state actor. The report, published on February 15, 2026, details the use of a new malware framework dubbed 'CANFAIL'. This...
Patch Released for "ClawJacked" WebSocket Hijacking Flaw in OpenClaw AI Agent
A patch has been released for a high-severity vulnerability, dubbed "ClawJacked," in the OpenClaw AI agent. The flaw, fixed in version 2026.2.13, allowed a malicious website to hijack a locally running OpenClaw agent by abusing its WebSocket connection. An att...
Fedora Project Patches Vulnerabilities in Python-aiohttp Component for Fedora 43
The Fedora Project released an important security advisory on February 14, 2026, for its Fedora 43 distribution. The advisory, 2026-66cb8ecfc2, addresses vulnerabilities in the 'python-aiohttp' package, a key component for asynchronous HTTP clients and servers...
Firms Face 2026 Compliance Countdown for RBI and SAMA Cybersecurity Mandates
Cybersecurity firm Foresiet has published a strategic analysis for financial institutions navigating the upcoming 2026 compliance deadlines for external threat mandates from the Reserve Bank of India (RBI) and the Saudi Central Bank (SAMA). The guide addresses...
Blast Audit and SafePorter Formalize Researcher Relations with New VDPs
On February 15, 2026, cybersecurity firms Blast Audit and SafePorter each published new Vulnerability Disclosure Policies (VDPs). These policies provide a formal framework, including legal safe harbor, for security researchers to responsibly report vulnerabili...
Article Updates
Open-Source Malware Skyrockets by 75%, Sonatype's 2026 Report Warns
Update: A new report focuses on the npm package registry, detailing how attackers exploit it through techniques like typosquatting, dependency confusion, maintainer account takeover, and malicious install scripts. It introduces a 'shared responsibility' model, stressi...