Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are...

CVE-2026-53808

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

CVE-2026-53808 OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

CVE-2026-53808 OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

EUVD-2026-36314

OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration. Attackers can exploit this by reaching the affected apply path to apply workshop changes before...

CVE-2026-53808

OpenClaw prior to 2026.5.6 contains an approval policy bypass in the Skill Workshop apply flow, allowing attacker-controlled agent tool calls to set apply: true despite approvalPolicy: pending. This enables modification of workshop configurations without proper authorization when the affected app...

PT-2026-48738

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.6 Description An approval policy bypass exists in the Skill Workshop apply flow. This issue allows agent tool calls to set the apply variable to true even when the approvalPolicy is configured as pending. An...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.6 contained a security vulnerability. This vulnerability stemmed from a bypass of the approval policy in the Skill Workshop application process, allowing proxy tools to set appl...

IWCC 2026 Call for Papers

The 15th International Workshop on Cyber Crime, or IWCC, 2026 call for papers has been announced. It will be held this year in conjunction with the International Conference on Availability, Reliability and Security ARES 2026 in Link�ping, Sweden, August 24th through the 27th, 2026...

WordPress plugin: CMS für Motorrad Werkstätten plugin <= 1.0.0 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Régis SENET - ORHUS in WordPress Plugin CMS für Motorrad Werkstätten versions = 1.0.0...

OpenSource-WorkShop Connect-CMS 代码注入漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain a code injection vulnerability. This vulnerability stems from issues with the...

OpenSource-WorkShop Connect-CMS 代码问题漏洞

OpenSource-WorkShop Connect-CMS is a content management system developed by the OpenSource-WorkShop company, designed for easy website creation. Versions of OpenSource-WorkShop Connect-CMS prior to 1.41.0 and 2.41.0 contain code vulnerabilities. These vulnerabilities stem from the Page Management...

OpenSource-WorkShop Connect-CMS 代码问题漏洞

OpenSource-WorkShop Connect-CMS is a content management system used by the OpenSource-WorkShop company, designed for easy website creation. Versions of Connect-CMS prior to 1.41.0 and 2.41.0 contain code vulnerabilities due to cross-site scripting vulnerabilities in the Form Plugin file fields,...

Malicious Package

Overview editions-dev-workshop is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.4-alpha.2) +26 more potentially affected by CVE-2026-22030 via @remix-run/server-runtime (>=2.0.0-pre.0 <=2.17.2)

@remix-run/server-runtime NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.17.2 and more Source cves: CVE-2026-22030 Source advisory: SNYK:JS-REMIXRUNSERVERRUNTIME-14908428...

@buttery/tokens (>=0.1.2 <=0.1.10), @common-stack/frontend-stack-react (>=6.0.6-alpha.23 <=9.0.4-alpha.2) +18 more potentially affected by CVE-2025-61686 via @remix-run/node (>=2.0.0-pre.0 <=2.17.1)

@remix-run/node NPM version =2.0.0-pre.0, =0.1.2, =6.0.6-alpha.23, =6.0.6-alpha.28, =0.1.0, =5.6.0, =5.13.0, =5.6.0, =5.6.0, =0.1.36, =2.0.0, =2.10.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2025-61686 Source advisory: SNYK:JS-REMIXRUNNODE-14908858...

Malicious code in elf-stats-cocoa-workshop-459 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362f3da17da5b5a6cbb8124715f6d31867664acc26b4bbbe8537ba02c9dc9677 The package elf-stats-cocoa-workshop-459 was found to contain malicious code. Source: ghsa-malware...

MAL-2025-192626 Malicious code in elf-stats-cocoa-workshop-459 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 362f3da17da5b5a6cbb8124715f6d31867664acc26b4bbbe8537ba02c9dc9677 The package elf-stats-cocoa-workshop-459 was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-202826

Malicious code in elf-stats-caroling-workshop-885 npm...

Malicious code in elf-stats-caroling-workshop-885 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2db8771c869601dd2f78c1ec9f6aba8fa7b5b059ebe97a5738a8a779466373f6 The package elf-stats-caroling-workshop-885 was found to contain malicious code...