Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the system.run process when PowerShell encoded-command wrappers such as -EncodedCommand, -enc, or -e are used. An attacker can bypass approval mechanisms and...

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal...

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the...

Fake Xeno and Roblox Utilities Used to Install Windows RAT, Microsoft Warns

Fake Xeno and Roblox gaming tools are spreading a Windows RAT remote access trojan using PowerShell and LOLBins, Microsoft Threat Intelligence warns...

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

CVE-2026-21509 Office Kill-Bit Manager PowerShell script to...

CVE-2026-3277

The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...

EUVD-2026-9030

The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...

CVE-2026-3277

The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...

CVE-2026-3277

The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...

CVE-2026-3277

The vulnerability CVE-2026-3277 affects PowerShell Universal prior to version 2026.1.3, where the OpenID Connect (OIDC) client secret is stored in cleartext in the .universal/authentication.ps1 script. An attacker with read access to that file can obtain the OIDC client credentials, leading to po...

CVE-2026-3277

The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...

CVE-2026-3277

The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...

Trojanized Gaming Tools Spread Java-Based RAT via Browser and Chat Platforms

Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat platforms to distribute a remote access trojan RAT. "A malicious downloader staged a portable Java runtime and executed a malicious Java archive JAR file named...

PT-2026-22344

The OpenID Connect OIDC authentication configuration in PowerShell Universal before 2026.1.3 stores the OIDC client secret in cleartext in the .universal/authentication.ps1 script, which allows an attacker with read access to that file to obtain the OIDC client credentials...

UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor

A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to...

📄 Icinga for Windows 1.13.3 Private Key Disclosure

This Metasploit module identifies and exploits insecure default ACL permissions in vulnerable versions of the Icinga for Windows PowerShell Framework. The certificate directory is created with overly permissive read access for the BUILTIN\Users group, allowing any local user to access the...

OS Command Injection

systeminformation is vulnerable to OS Command Injection. The vulnerability is due to direct concatenation of the user-supplied drive parameter into a PowerShell command in the fsSize function without proper sanitization, which allows an attacker to execute arbitrary commands on Windows systems wh...

Exploit for Command Injection in Microsoft

CVE-2025-54100-BYPASS- CVE-2025-54100 POC "simple" Bypass Patc...

📄 Icinga for Windows 1.13.3 Private Key Exposure

Icinga for Windows PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 install the certificate directory with insecure default permissions. The directory C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate is created with BUILTIN\Users:RX permissions,...

New ClickFix Attack Targets Crypto Wallets and 25+ Browsers with Infostealer

Researchers at CyberProof have identified a new fake captcha campaign linked to the ClickFix operation. This stealthy infostealer targets over 25 browsers, cryptocurrency wallets like MetaMask, and gaming accounts by tricking users into executing malicious PowerShell commands...