当AI助手变成“特洛伊木马”:OpenClaw安全危机警示录

2026年3月,被誉为"增长最快的开源AI Agent项目"的OpenClaw遭遇严峻安全考验。安全研究者在短时间内追踪到针对其用户的全链条攻击矩阵:攻击者通过NPM恶意依赖包、伪造GitHub组件仓库实施供应链投毒,并利用认证控制逻辑缺陷完成渗透。这一系列结构化攻击表明,针对OpenClaw的常态化、低门槛渗透能力已形成。

FortiGate Edge Intrusions: Stolen Service Accounts Lead to Rogue Workstations and Deep AD ...

Throughout early 2026, SentinelOne’s Digital Forensics & Incident Response (DFIR) team has responded to several incidents where FortiGate Next-Generation Firewall (NGFW) appliances have been ...
Bleeping Computer

Latest Exploit Kit news

The RIG Exploit Kit is undergoing its most successful period, attempting roughly 2,000 intrusions daily and succeeding in about 30% of cases, the highest ratio in the service's long operational ...
搜狐

信息窃取器隐蔽机制、数据泄露路径与纵深防御体系研究

随着网络犯罪生态系统的演进,信息窃取器(Infostealers)已从零散的攻击工具发展为高度模块化、产业化的恶意软件即服务(MaaS)产品。此类恶意代码不同于勒索软件的破坏性特征,其核心在于“静默潜伏”与“高效萃取”,旨在无感知地窃取用户凭证、会话 ...