WebSocket
-
ClawJacked flaw let malicious websites brute force local OpenClaw instances
A high-severity OpenClaw vulnerability called ClawJacked let malicious websites brute-force local management passwords at hundreds of guesses per second. OpenClaw issued a fix in version 2026.2.26 on February 26 to block the attack.
-
Malicious npm WhatsApp API ‘lotusbail’ found stealing tokens and linking attacker devices
A malicious npm package named lotusbail, downloaded more than 56,000 times, masquerades as a WhatsApp API while capturing authentication tokens, messages and contacts and linking an attacker device to victims’ WhatsApp accounts, Koi Security researchers said; ReversingLabs also disclosed related NuGet supply-chain malware.
-
APT36 uses Golang DeskRAT in spear‑phishing campaign against Indian government targets
Security researchers reported that APT36 (Transparent Tribe) used spear‑phishing to deliver a Golang remote access trojan called DeskRAT against Indian government targets, with the campaign targeting BOSS Linux, using multiple persistence methods and WebSocket C2.



