Oasis Security discovers high-severity WebSocket hijacking flaw in OpenClaw AI agents. QuickLens Chrome extension compromised for crypto theft. South Korean tax agency leaks mnemonic phrase — $4.8M stolen. Google API keys expose Gemini access.
Oasis Security researchers discovered "ClawJacked", a high-severity vulnerability allowing malicious websites to hijack OpenClaw AI agent sessions via localhost WebSocket connections. Any website visited by a user running an OpenClaw agent could silently connect to the local WebSocket endpoint and issue commands.
Impact: Full agent takeover — file access, command execution, data exfiltration through the AI agent's permissions.
ws://localhost and send agent commandsMitigation: OpenClaw has released a patch requiring explicit origin allowlisting for WebSocket connections. Update immediately.
The popular Chrome extension "QuickLens" has been removed from the Chrome Web Store after security researchers discovered it had been compromised to steal cryptocurrency. The attackers used a ClickFix social engineering technique to inject malicious code into the extension's update pipeline.
Action: Remove QuickLens immediately. Audit any recent crypto transactions. Review all installed Chrome extensions.
South Korea's National Tax Service (NTS) accidentally included a cryptocurrency wallet mnemonic recovery phrase in a public press release. Within hours, attackers used the phrase to drain 6.4 billion won ($4.8M USD) from the associated wallet.
Lesson: Crypto key material must be treated with the same (or greater) sensitivity as classified documents. Multi-signature wallets and hardware security modules should be mandatory for government-held crypto assets.
Truffle Security researchers discovered approximately 3,000 Google Cloud API keys embedded in client-side JavaScript code across public websites. When the Gemini API is enabled on the associated Google Cloud projects, these keys provide unauthenticated access to Google's Gemini AI models.
Action: Never embed API keys in client-side code. Use server-side proxies, restrict API key permissions, and enable billing alerts.
AI-powered vulnerability management with 331,910+ CVEs indexed.
Start Free TrialStay secure. Stay vigilant.
🗡️ KENSAI Security Team