Browser Security

OpenClaw Bug Enables RCE; MoltBot Skills Exploited for Malware

Nishant Sharma

03 Feb 2026 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A critical vulnerability in the OpenClaw platform allows for one-click remote code execution (RCE) simply by coercing a user to click a malicious link.
The flaw stems from improper handling of specially crafted URLs, which can bypass security checks and execute arbitrary code within the OpenClaw browser-like environment.
Successful exploitation grants an attacker full control over the user's OpenClaw instance, enabling data theft, further system compromise, or surveillance.

Source: The Hacker News | Date: February 02, 2026

MoltBot Skills Exploited to Distribute Over 400 Malware Packages

A malicious campaign exploited MoltBot "skills," which are extensions for an AI-powered conversational agent platform, to distribute over 400 unique malware packages within days.
Threat actors leveraged the MoltBot platform's capabilities to embed and deliver various types of malicious payloads, potentially affecting users interacting with these compromised skills.
The incident highlights the emerging security risks associated with AI-driven platforms and their extension ecosystems, akin to browser extension vulnerabilities and supply chain attacks.

Source: Security Affairs | Date: February 02, 2026

References

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link - The Hacker News
MoltBot Skills exploited to distribute 400+ malware packages in days - Security Affairs

Firefox & Foxit: New AI Privacy Controls and Critical JavaScript Flaws

This newsletter is AI generated and may hallucinate sometimes 😊 Mozilla Firefox Introduces One-Click Option to Disable Generative AI Features * Mozilla Firefox has added a new user-friendly option that allows users to disable all generative AI features within the browser with a single click. * This feature, currently rolling out in the

RedKitten Campaign Steals Browser Data from NGOs & Activists

This newsletter is AI generated and may hallucinate sometimes 😊 Iran-Linked RedKitten Campaign Targets NGOs with Browser Data Theft * A cyber campaign dubbed "RedKitten," linked to Iran, is actively targeting human rights NGOs and activists, particularly those focusing on Iran, with sophisticated social engineering and custom malware. * The campaign

Browser Security: AI Vulnerability Hunt

This newsletter is AI generated and may hallucinate sometimes 😊 AI Models Demonstrate Enhanced Capability in Finding Software Vulnerabilities * New research indicates that custom AI-driven fuzzing tools can independently identify zero-day vulnerabilities, including those in browser JavaScript engines, within a short timeframe. * These advanced AI models exhibit the capacity to learn

Chrome Updates: Gemini AI Integration & API Security Patch

This newsletter is AI generated and may hallucinate sometimes 😊 Google Chrome Integrates Gemini AI for Enhanced Browsing and Smart Features * Google is integrating its Gemini AI model directly into the Chrome browser, aiming to enhance user experience with features like tab organization, content summarization, and query suggestions. * The integration leverages

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

MoltBot Skills Exploited to Distribute Over 400 Malware Packages

References

Read more

Firefox & Foxit: New AI Privacy Controls and Critical JavaScript Flaws

RedKitten Campaign Steals Browser Data from NGOs & Activists

Browser Security: AI Vulnerability Hunt

Chrome Updates: Gemini AI Integration & API Security Patch