CVE-2026-34765

CVE-2026-34765 : Electron prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5 has a window.open() targeting flaw where the named-window lookup is not scoped to the opener’s browsing context group. A renderer could navigate a child window opened by a different renderer if both share the same targe...

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with...