[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025

!\Podcast\ It's not you, it's your printer: State-sponsored and phishing threats in 2025https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025cover2x1-2-1.jpg In this episode, we unpack state-sponsored and phishing trends from the 2025 Talos Year in...

CVE-2026-41299

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013334)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013334 advisory. In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irqdatagetaffinitymask If ipisendmask|single is called with...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011294)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011294 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp-dccpsmsscache dccpsendmsg reads dp-dccpsmsscache before locking the...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the chat.send gateway method. This allowed authenticated operator clients to...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013006)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013006 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uarthandlectschange function in...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010835)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010835 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in stru...

CVE-2026-41299

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...

CVE-2026-41299 OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...

CVE-2026-41299

OpenClaw before 2026.3.28 contains an authorization bypass in the chat.send gateway method. The vulnerability stems from gating ACP-only provenance fields on self-declared client metadata from the WebSocket handshake rather than the verified authorization state. As a result, authenticated operato...

PT-2026-33866

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007269)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007269 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uarthandlectschange function in...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007415)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007415 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterateinoderef Change BUGON to proper error...

CVE-2026-1314 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure

The 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sendpostpagesjson function in all versions up to, and including, 1.16.17. This makes it possible for unauthenticat...

Oxia affected by server crash via race condition in session heartbeat handling

Summary A race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timing with concurrent close calls, this can lead to either a...

UBUNTU-CVE-2026-31415

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6datagramsendctl Yiming Qian reported : I believe I found a locally triggerable kernel bug in the IPv6 sendmsg ancillary-data path that can panic the kernel via skbunderpanic local DoS. The core issue i...

CVE-2026-31415

CVE-2026-31415 affects Linux kernels where ipv6: ip6_datagram_send_ctl() accepts repeated IPV6_DSTOPTS, accumulating into a 16-bit opt_flen without deduplicating. This can cause opt_flen to wrap while dst1opt points to the last 2048-byte destination-options header, leading to under-headroom pushe...

PT-2026-32341

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the IPv6 sendmsg ancillary-data path where a mismatch occurs between a 16-bit length accumulator opt flen and a pointer to the last provided destination-options header...

CVE-2026-35664

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization...

CVE-2026-35662

OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope...