TECH NEWS

‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery

Four vulnerabilities in the OpenClaw AI assistant can be chained together to plant backdoors on the underlying host, cybersecurity firm Cyera warns.

The bugs, collectively known as Claw Chain, allow an attacker with code execution privileges inside the sandbox to control the agent runtime and abuse it to compromise the system.

According to Cyera, the attacker can rely on prompt injections, malicious plugins, and compromised external input to trigger the attack chain and turn the AI into their own assistant.

After gaining code execution within the OpenShell sandbox, the attacker can exploit a race condition (CVE-2026-44113) to read files outside the mount root, or an exec allowlist analysis bug (CVE-2026-44115) to execute unapproved commands at runtime.

Successful exploitation of these issues, Cyera notes, allows the attacker to bypass sandbox restrictions and leak credentials, API keys, tokens, configuration files, and other sensitive data.

Next, the attacker can exploit an MCP...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

https://www.cnet.com/a/img/resize/4a7dc34963db8f9a51abae1ab77ec99b498be36f/hub/2024/07/25/50d61b9b-1c76-4678-9a92-f6eca531f4a8/nyt-mini-crossword-234876.jpg?auto=webp&fit=crop&height=675&w...

Today's NYT Mini Crossword Answers for Wednesday, May 20

Looking for the most recent Mini Crossword answer? Click here for today's Mini Crossword hints, as well as our daily answers and hints for The New York Times Wordle, Strands, Connections and Connections: Sports Edition puzzles. Need some help with today's Mini Crossword? It's

https://platform.theverge.com/wp-content/uploads/sites/2/2026/05/pre-media_26c0129_001.jpg?quality=90&strip=all&crop=0%2C10.732984293194%2C100%2C78.534031413613&w=1200

Mercedes’ electric AMG GT 4-door coupe can go 0-60 in 2 seconds

The era of ultra-high performance Mercedes EVs is here. The German automaker finally revealed its new super sedan, the AMG GT 4-door coupe, with technology borrowed from the automaker’s XX concept that last year made history by driving 24,901 miles in under 8 days at Nardò Ring in

https://cdn.mos.cms.futurecdn.net/JUFFcwkv7wLgdG3ReGqoBY-1718-80.jpg

Google’s new Gemini Omni AI can turn almost anything into video

* Google introduced Gemini Omni Flash * It aims to make video creation easier by letting users refine projects naturally, rather than using editing software * It's emphasizing transparency and safety through AI watermarking and identity protections Google’s next big AI move is aimed squarely at creativity. The company has

https://cdn.mos.cms.futurecdn.net/arr8DfDMhwxR9B9ApTAYkN-1920-80.jpg

Lego Batman: Legacy of the Dark Knight is ‘a real mish-mash’ of genres and gameplay features held together by having the Batman: Arkham series as its muse

Lego Batman: Legacy of the Dark Knight is a love song to the enduring legacy and decades-long adventures of the Caped Crusader, offering great fun for all the family. Newly added combat mechanics, difficulty levels, and a slimmer roster of characters with unique skills make for a well-rounded gameplay experience.

Read more

Today's NYT Mini Crossword Answers for Wednesday, May 20

Mercedes’ electric AMG GT 4-door coupe can go 0-60 in 2 seconds

Google&rsquo;s new Gemini Omni AI can turn almost anything into video

Lego Batman: Legacy of the Dark Knight is ‘a real mish-mash’ of genres and gameplay features held together by having the Batman: Arkham series as its muse

Google’s new Gemini Omni AI can turn almost anything into video