- March 3, 2026
CVE-2026-25253: WebSocket Hijacking in OpenClaw AI Agents
A CVSS 8.8 vulnerability in OpenClaw lets attackers hijack agent sessions via cross-site WebSocket. The attack chain, what each step does, and how to add defense-in-depth.
- February 24, 2026
Every protocol your agent speaks, scanned
AI agents talk over HTTP, MCP, and WebSocket. Each protocol has its own attack surface. Here's what can go wrong on each one.