9 matches found
CVE-2026-35631 OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands
OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unauthorized modifications. Attackers without admin privileges can execute mutating control-plane actions by directly invoking affected ACP commands to bypass authorization gates...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of the operator.admin scope in mutating internal ACP chat commands. An attacker can perform unauthorized mutating control-plane actions by...
Collaborative Intelligence: Topic Modelling of Large Language Model Use in Live Cybersecurity Operations
Objective: This work describes the topic modelling of Security Operations Centre SOC use of a large language model LLM, during live security operations. The goal is to better understand how these specialists voluntarily use this tool. Background: Human-automation teams have been extensively...
Leaked Black Basta Ransomware Chat Logs Reveal Inner Workings and Internal Conflicts
More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members. The Russian-language chats on the Matrix messaging platform between...
cention-chatserver 跨站脚本漏洞
cention-chatserver is a tool to run FastChatMCAM in ferite-webserver. A cross-site scripting vulnerability exists in cention-chatserver version 3.8.0-rc1, which stems from a problem with the function formatBody in the file lib/InternalChatProtocol.fe, where manipulation of the parameter body can...
Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti
Yanluowang Ransomware Leaks Analysis: Organization, Collaboration with HelloKitty, Babuk and Conti By Jambul Tologonov· November 22, 2022 Introduction On October 31, 2022, Yanluowang’s TOR site was hacked displaying a message “check and mate!! Yanluowang Matrix chat hacked @yanluowangleaks Time’s...
Authorization Bypass
github.com/relatedcode/messenger is vulnerable to authorization bypass. The vulnerability exists because the application permissions are not properly handled which allows an attacker to access internal chat logs of any registered user on the server...
The Conti ransomware leaks
On February 27, an individual with insights into the Conti ransomware group started leaking a treasure trove of data beginning with internal chat messages. Conti is responsible for a number of high profile attacks, including one against the Irish Healthcare system which has cost more than $48...
Italian team discoveries flaw in Ruzzle protocol, serious menace to privacy
We are in digital era, everything is connected to the large networks and applications benefit of even more complex devices that deeply interact with owner, in this scenario security requirements assume a crucial importance and security of overall architecture also depend on security of single...