Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. [...]
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Summary + source link. No paywalls, no tracking.