#vulnerability

SecurityScorecard's STRIKE team found 40,214 OpenClaw AI agent instances exposed to the public internet with no authentication. Over 12,000 are vulnerable to Remote Code Execution, and attackers who compromise them inherit full system access including SSH keys, browser sessions, and filesystem control.

A highly discussed Hacker News post tracked Chrome’s security update for CVE-2026-2441 (High, CSS use-after-free). Google states an exploit exists in the wild and ships patched stable versions across desktop platforms.