GHSA-3FV3-6P2V-GXWJ OpenClaw QQ Bot Extension missing SSRF Protection on All Media Fetch Paths

Impact QQ Bot Extension: Missing SSRF Protection on All Media Fetch Paths. QQ Bot media download paths were not consistently routed through the SSRF guard and allowlist policy. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...

GHSA-25WV-8PHJ-8P7R OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths

Impact Concurrent async auth attempts can bypass the intended shared-secret rate-limit budget on Tailscale-capable paths. Concurrent asynchronous shared-secret auth attempts could race the per-key rate-limit budget. OpenClaw is a user-controlled local assistant. This advisory is scoped to the...

GHSA-VC32-H5MQ-453V OpenClaw: /allowlist omits owner-only enforcement for cross-channel allowlist writes

Impact /allowlist omits owner-only enforcement for cross-channel allowlist writes. An authorized non-owner sender could attempt allowlist writes against a different channel. OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a...

@0xwork/connect (>=0.1.0 <=0.1.7), @agentholdings/agent-passport (>=0.1.0 <=0.1.5) +21 more potentially affected by CVE-2026-42423 via openclaw (>=2026.3.22 <=2026.4.5)

openclaw NPM version =2026.3.22, =0.1.0, =0.1.0, =0.8.3, =0.1.0, =2026.3.25, =0.0.0, =27.2.5, =1.1.0, =2.1.3, =2026.3.24-3, =0.14.39, =0.1.0, =0.1.1, =0.2.18 and more Source cves: CVE-2026-42423 Source advisory: SNYK:JS-OPENCLAW-15967229...

MAL-2026-2527 Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

MAL-2026-2523 Malicious code in @telekom-wfa/auth-core (npm)

Package is malware. Hardcoded Telegram credentials, data exfiltration, and preinstall script execution indicate malicious intent. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a2fe12e5542ae8cf1cf339c13c3480629ccfd6e2fb391427c4f1b17bbdc9f85 The package...

MAL-2026-2518 Malicious code in viewer-assets-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0022cddbfa3afc707bea5e0e70c8bff5b3249847bd891c628a1fd2d0dc9fa259 The package viewer-assets-generator was found to contain malicious code. Source: ghsa-malware...

MAL-2026-2870 Malicious code in black-moon-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c672e4ab8770773551a9ff9b6b95a5740894bd1c689154056f69e5da4fdb879 The package black-moon-js was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in gprofiler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4de7c58d59c5e16064d8ecf21d0f57675869c93be663ac27da95d040be7d0aff The package gprofiler was found to contain malicious code. Source: ghsa-malware 42c93390009c40d727cdfd4fedc3b160ff5e7e8730ec94ff196022996855d39c Any...

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling ..., while quietly functioning as...

MAL-2026-2865 Malicious code in @sie-ppr-web-checkout/app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 977089aabb00f7d390dd6bf7ad3e9038c4998ec2ccf93a2e38016f525c32f368 The package @sie-ppr-web-checkout/app was found to contain malicious code. Source: ossf-package-analysis...

Embedded Malicious Code

Overview @velora-dex/sdk is a SDK for the Velora API Affected versions of this package are vulnerable to Embedded Malicious Code that delivers a malicious payload through dist/index.js. An attacker uploaded a compromised version of the package directly to the npm registry. The payload runs a...

GHSA-WWFP-W96M-C6X8 OpenClaw: Pairing pending-request caps were enforced per channel instead of per account

Summary Before OpenClaw 2026.3.31, pending pairing-request caps were enforced per channel file instead of per account. On multi-account channel setups, requests from other accounts could fill the shared pending window and block new pairing challenges on an unaffected account. Impact This issue...

Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do

Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk...

GHSA-FVX6-PJ3R-5Q4Q OpenClaw's complex interpreter pipelines could skip exec script preflight validation

Summary Before OpenClaw 2026.4.2, exec script preflight validation could fail open on complex interpreter invocations such as pipes or other non-simple command forms. In those cases, script-content validation could be skipped entirely. Impact An attacker-controlled command shape could bypass the...

CVE-2026-34841

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan RAT. Users of @usebruno/cli who ran...

Malicious code in use-form-builder-plugin (npm)

Package is malware. Collects system info, exfiltrates data via HTTP/DNS, executes commands, and uses preinstall script for auto-execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdced38cb2f5f34bb91f39b16697369424bf1cbde84ca18363e78454b31d6ddc The packag...

Malicious code in commerce-utils (npm)

Malicious package due to data exfiltration to a suspicious host, combined with arbitrary code execution during preinstall. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3bb3d6d3a8a8898abe7e371e54753d5902a5062151888ccff6c656f5edac6ba6 The package commerce-utils...

A week in security (March 30 &#8211; April 5)

Last week on Malwarebytes Labs: That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords Blocking children from social media is a badly executed good idea Apple expands "DarkSword" patches to iOS 18.7.7 Malwarebytes Privacy VPN receives full third-party audit Wikipedia’s AI...

Malicious code in chess-sec-ssrf1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 25205345915fdf089bcbd90b35f9e852c02281bd7452805479d18c610063ac52 The package chess-sec-ssrf1 was found to contain malicious code. Source: ossf-package-analysis...