ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...
SecurityWeek

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and other attacks.
SecurityWeek

Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

More than 300 Chrome extensions were found to be leaking browser data, spying on users, or stealing user information.
eWeek

Fake AI Chrome Extensions Exposed 260,000 Users, Targeting Gmail

Over 260,000 users installed fake AI Chrome extensions that used iframe injection to steal browser and Gmail data, exposing ...
IEEE

Fine-grained Manipulation Attacks to Local Differential Privacy Protocols for Data Streams

Abstract: Local Differential Privacy (LDP) enables massive data collection and analysis while protecting end users' privacy against untrusted aggregators. It has been ...
IEEE

EMMA: Scaling Mobile Manipulation via Egocentric Human Data

Abstract: Scaling mobile manipulation imitation learning is bottlenecked by expensive mobile robot teleoperation. We present Egocentric Mobile MAnipulation (EMMA), an end-to-end framework training ...