SourcesOpenClaw Security Crisis 341 Malicious Skills CVE-2026-25253The Hacker News·high signalCVE-2026-25253 CVSS 8.8 one-click RCE. 42665 exposed instances. 341 of 2857 ClawHub skills malicious (12%). 335 traced to coordinated ClawHavoc operation.SourceSource pageThe Hacker News↳ Follow the threadPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternMalicious agent skills evade every scanner: HKUST's SkillCloak beats detectors 90%+ of the time, SkillDetonate catches 97%Help Net SecurityStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat patternOpenClaw ships broad July 6 platform update: GPT-5.6 support, external harness attach, hardened provider I/OReleasebotStack layer / Threat patternThe Hacker News 'ThreatsDay' Roundup Leads With AI Compute Hijacking and BlueHammer RansomwareThe Hacker NewsStack layer / Threat patternGhostApproval: symlink flaw turns human-in-the-loop into a rubber stamp across 6 coding agentsCyber Security NewsStack layer / Threat patternUnit 42: AI-agent npm packages become a prime supply-chain target in H1 2026Unit 42 (Palo Alto Networks)