Aggregator
Experts published unpatched Windows zero-day BlueHammer
NightSpire
Why hack when there's @fs? A Vite vulnerability shows how not to configure a server
Non-human identity theft is growing explosively
Zero-Day Chaos: The “BlueHammer” Leak and Microsoft’s High-Stakes Privilege Escalation Crisis
The unauthorized disclosure of functional code for a nascent Windows vulnerability has presented Microsoft with a formidable new
The post Zero-Day Chaos: The “BlueHammer” Leak and Microsoft’s High-Stakes Privilege Escalation Crisis appeared first on Penetration Testing Tools.
From founding ATH to three model releases in a row, what Alibaba wants is to “clench its fingers into a fist”
The Gemini Trap: How a Fake AI Token Checker Stealthily Hijacks Developer Workstations
An ostensibly innocuous package for validating Google Gemini tokens manifested within the npm repository, yet beneath its rudimentary
The post The Gemini Trap: How a Fake AI Token Checker Stealthily Hijacks Developer Workstations appeared first on Penetration Testing Tools.
Microsoft Warns Storm-1175 Exploits Web-Facing Assets 0-Day Flaws in Medusa Ransomware Attacks
A new ransomware campaign is putting organizations on high alert. A financially motivated threat group known as Storm-1175 has been running fast-paced attacks targeting vulnerable, internet-facing systems — and deploying the Medusa ransomware as the final blow. What makes this group especially dangerous is how quickly it moves: from the moment it breaks in, attackers […]
The post Microsoft Warns Storm-1175 Exploits Web-Facing Assets 0-Day Flaws in Medusa Ransomware Attacks appeared first on Cyber Security News.
The “EvilTokens” Surge: Why Device Code Phishing Exploded 37-Fold in 2026
The architecture of account exploitation is undergoing a profound metamorphosis, as adversaries increasingly eschew traditional subversion in favor
The post The “EvilTokens” Surge: Why Device Code Phishing Exploded 37-Fold in 2026 appeared first on Penetration Testing Tools.
A growing number of Japanese households have no television
How to run a WAF pilot properly
Cultural Crisis: How the Vivaticket Ransomware Attack Paralyzed the Louvre and 3,500 European Landmarks
The March incursion targeting the Vivaticket ticketing platform did not merely strike a solitary enterprise, but rather convulsed
The post Cultural Crisis: How the Vivaticket Ransomware Attack Paralyzed the Louvre and 3,500 European Landmarks appeared first on Penetration Testing Tools.
Memory forensics: how to solve the symbol table problem when there is no debuginfo
The Claude Code Leak: How a 500,000-Line npm Blunder Became a Golden Ticket for Hackers
The recent inadvertent exposure of the internal source code for one of the most prominent artificial intelligence instruments
The post The Claude Code Leak: How a 500,000-Line npm Blunder Became a Golden Ticket for Hackers appeared first on Penetration Testing Tools.
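A “Shadow AI” Crisis? NSFOCUS Threat Intelligence's “Three Locks” Build a Defense System for OpenClaw
In 2026, AI agents are in wide use, and OpenClaw (nicknamed “Lobster”), with its autonomous decision-making and local execution capabilities, has become a frequently used productivity tool for enterprises and developers. Recently, however, several authoritative security organizations have issued successive warnings: OpenClaw faces multidimensional security threats ranging from supply chain poisoning to remote control.
When employees privately deploy such “shadow AI” assets, and some malicious Skills (plugins) overstep their permissions to steal core data, traditional perimeter defenses risk becoming ineffective. In response, NSFOCUS, drawing on recent real-world attack-and-defense work and sample analysis and building on its in-depth threat intelligence system, has released a matrix of three core capabilities: OpenClaw AI supply chain intelligence, OpenClaw compromise intelligence, and OpenClaw phishing intelligence. These give enterprises practical support to “know the source, trace the tracks, and break the chain” when dealing with new AI threats.
Risk 1: “AI supply chain poisoning” in an ecosystem without review
OpenClaw's extensibility depends heavily on its open Skills ecosystem (such as ClawHub). Monitoring shows that because third-party platforms lack strict code security review mechanisms, attackers can easily plant backdoored plugins, leading to frequent AI supply chain poisoning incidents.
As early as February this year, NSFOCUS Tianyuan Lab published a warning report on the risk of malicious Skills on the ClawHub platform. Continued tracking shows that although OpenClaw has officially announced security governance efforts, a large number of high-risk plugins remain live to date, and non-technical employees who lack the ability to tell them apart can very easily introduce risk without realizing it.
[Response 1: OpenClaw AI supply chain intelligence: know the source]
Relying on its global sample monitoring network, NSFOCUS continuously performs dynamic cleansing and in-depth behavioral analysis of Skills in mainstream marketplaces. NSFOCUS intelligence now delivers a real-time blacklist of high-risk Skills (covering categories such as key theft and remote-control backdoors) and has compiled a security-verified “trusted Skills library” for enterprises. Enterprises can use this to establish a risk assessment mechanism at plugin installation, cutting off the AI supply chain poisoning path at the source.
Risk 2: “Compromise” after AI execution capabilities are abused
Once a malicious Skill is triggered or a related underlying vulnerability is exploited, the OpenClaw instance is compromised. The attacker can use the AI tool's high privileges to silently execute system commands, steal browser credentials, and even use it as a pivot for lateral movement within the internal network.
[Response 2: OpenClaw compromise intelligence: trace the tracks]
For such attacks, NSFOCUS threat intelligence has extracted and covers high-quality IOCs (indicators of compromise). At the EDR (endpoint) level, it pinpoints the on-disk hashes of malicious Skills files; at the NDR (network) level, it targets the anomalous traffic signatures of compromised hosts making outbound connections to criminal C2 infrastructure.
In addition, the research team has innovatively incorporated “AI anomalous behavior fingerprints” into the intelligence rule base. NSFOCUS intelligence can be synchronized quickly from the cloud to on-premises devices; when unauthorized outbound connections or anomalous process invocations appear on the internal network, it enables rapid alerting and tracing of the compromised host, eliminating the risk of “shadow AI” lurking undetected.
Risk 3: Lured downloads and phishing attacks
Recent monitoring data shows that criminal groups are exploiting OpenClaw's popularity to build phishing networks on a large scale. Targeting ordinary business staff, attackers use SEO to precisely place high-fidelity phishing sites and trick employees into downloading counterfeit clients bundled with trojans, thereby carrying out watering-hole attacks.
[Response 3: OpenClaw phishing intelligence: break the chain]
NSFOCUS continuously monitors OpenClaw-related digital assets and phishing sources across the internet, mapping counterfeit sites and extracting threat intelligence as soon as they appear. By integrating with enterprise perimeter protection devices, these spoofed sites are identified and blocked directly at the gateway, severing the phishing attack chain.
Conclusion: Building security guardrails for AI applications
OpenClaw's spread is an inevitable result of technological development, but its blurry trust boundary mechanism is very easy to exploit. At a time when “equal emphasis on development and security” is stressed, and amid the “Lobster” craze, enterprises enjoying the efficiency gains need to pay close attention to the security blind spots that come with it.
The three specialized intelligence offerings from NSFOCUS are intended to provide enterprises with defensive data support across the full lifecycle in responding to AI agent threats. Through precise risk identification, extraction of high-fidelity IOCs, and risk control at the source, they build security guardrails for enterprises' AI applications.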
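Defense dimension | Risk scenario | Intelligence capability
Know the source | Risk introduced by plugins | OpenClaw AI supply chain intelligence
Trace the tracks | Compromise and anomalous behavior | OpenClaw compromise intelligence
Break the chain | Visits to phishing sites | OpenClaw phishing intelligence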
Connect to NSFOCUS threat intelligence now to keep your network assets from becoming a lawless zone for malicious AI.
Zero-Day Alert: Critical FortiClient EMS Flaw Under Active Exploitation—Patch Now!
Fortinet has issued a stark admonition regarding a critical vulnerability discovered within its FortiClient EMS (Endpoint Management Server)
The post Zero-Day Alert: Critical FortiClient EMS Flaw Under Active Exploitation—Patch Now! appeared first on Penetration Testing Tools.