Jurijs

Noticed this yesterday on Product Hunt. Anthropic is not holding back in their fight against OpenAI.

This seems like a very useful tool. I have way too many projects in ChatGPT with quite a long history, so I will definitely use this tool when I finally find time to move 100% away from ChatGPT.

Truffle Security found that creating a new API key in Google Cloud defaults to Unrestricted meaning it's applicable for every enabled API in the project, including Gemini

Thousands of API keys that were deployed as benign billing tokens are now live Gemini credentials sitting on the public internet

In a world full of ChatGPTs, be Claude.

again cloudflare is down 🫠

and no, this has nothing to do with Claude. this is the second website just now where I saw this

Not financial advice, but I’d expect IBM to rebound quite a bit. I still wouldn’t buy it in any case, I just don’t like the company, at least what it’s become.

Claude is great, but it can’t magically get rid of COBOL in a single day.

All of them hallucinate, that the nature of LLMs. On other hand Perplexity is not the brightest one :)

In social media I just see those scary cases.

But based on how many people are using it, it’s supposed to create some value, right?

Ok, besides that OpenClaw/Clawdbot can nuke your hard drive, email, and so on - do we have any examples where it was actually useful?

Can someone please provide a real example of how this bot actually did something net‑positive?

👇

From the ProgrammerHumor community on Reddit: oopiseSaidTheCodingAgent Explore this post and more from the ProgrammerHumor community

www.reddit.com/r/Programmer...

Kiro - Son of Anton😃

Cloudflare was down yesterday, I’m starting to lose track of all the major outages recently. 🫠

Bro, what’s going on with the headgear?

Upvote 🍀

Docker Swarm vs Kubernetes in 2026 — The Decipherist 10 years of Docker Swarm in production — 24 containers, two continents, live SaaS platform, zero crashes, $166/year. Side-by-side YAML comparisons, real production numbers, a working autoscaler that's smarter than K8s HPA, and a cost breakdown that should make any CTO uncomfortable.

Docker Swarm vs. Kubernetes in 2026 | Discussion

I think AI will not take our jobs. For example, a couple of years ago I was opening PRs to fix or update Terraform modules. Now I just opened a PR to improve a Claude module, which is basically instructions.

It’s the same thing. Before I was fixing code, now I’m fixing instructions.

I remember years ago doing some tests or getting analyses and the biggest struggle was trying to wrap my head around those dozens of metrics and terms. But now Claude/ChatGPT can just translate it all. What a time to be alive.

And it blew my mind how it was able to write a comprehensive analysis out of it!

I will still wait for the doctor’s comment, but this is really mind blowing.

I got my electrocardiography done today. They gave me just a dumb PDF without any doctor comments or anything, just pure data. Doctor comments will be added later, I hope. I decided to upload it to Claude and ChatGPT just to check if they could digest it and give me a summary.

🧵

First time hitting this one with Claude 🫠

Bro, what the heck! 🫠

GitHub is down again, and it hasn’t even been a week since the last outage I personally noticed. 🫠

Ok guys, it happened. I sold unused RAM today for almost 75% more than a year ago, when I tried to sell it. I had some left over after one of my PC upgrades. 🤑🤑🤑

Dunno why, but I was so pumped about the Claude 4.6 release. Honestly, I felt like a kid who got a new toy. My hands were itching to test it on my projects, and I even went to sleep way later than I should have. 😀

Bro, it's 2026 already

When I was copying the address from the German eBay order details, freaking Google translated the address and I copied and put the translated version of the address into my shipping label, basically the fountain in English.

And now the shipping failed to deliver and is coming back to me. 😞

I did learn and speak German, but if you stop using it, you eventually forget it. Long story short, I use Chrome auto-translate with German eBay, it just makes things a little easier.

And guess what happened.
👇

I messed up, I sent a package to the wrong address! And this one is on me!

I occasionally sell some unnecessary stuff on eBay, and since the biggest eBay in the EU is the German one, I usually post all my items there.
And German eBay has everything in German, as you probably guessed.

Again, GitHub Actions are down 🤔

1-Click Clawdbot Vulnerability Enable Malicious Remote Code Execution Attacks A critical vulnerability in OpenClaw, the open-source AI personal assistant trusted by over 100,000 developers, has been discovered and weaponized into a devastating one-click remote code execution exploit. Security researchers at depthfirst General Security Intelligence uncovered a logic flaw that, when combined with other vulnerabilities, could trigger a chain reaction. Allows attackers to gain complete control of victim systems via a single  malicious link , requiring no user interaction . Vulnerability Overview: Technical Attack Mechanics OpenClaw’s architecture grants AI agents “god mode” access to messaging apps, API keys, and unrestricted control of the local computer . While community enthusiasm surrounding the platform has driven rapid adoption, the security margin for error in such a high-privilege environment becomes razor-thin. Attribute Details Product OpenClaw (formerly ClawdBot/Moltbot) Vulnerability Type Unsafe URL Parameter Handling + Cross-Site WebSocket Hijacking Impact Unauthenticated Remote Code Execution with System-Level Access CVSS Score Critical (9.8+) Attack Vector Network (Single Malicious Link) The newly disclosed vulnerability exploits three distinct components working in sequence: unsafe URL parameter ingestion, immediate gateway connection without validation, and automatic transmission of authentication tokens. The exploitation chain begins with three seemingly benign operations occurring independently across the codebase. The app-settings.ts module blindly accepts the gatewayUrl query parameter from the URL without validation, then stores it directly in localStorage. Upon setting the application, the app-lifecycle.ts immediately triggers connectGateway(), which automatically bundles the security-sensitive authToken into the connection handshake to the attacker-controlled gateway server. 1-Click RCE Exploit Kill Chain source: depthfirst) This pattern creates a critical information disclosure vulnerability. The kill chain exploits an additional WebSocket origin validation flaw. Stage Description Visit User lands on malicious site. Load JS loads OpenClaw with malicious gatewayUrl . Leak authToken sent to attacker. Connect WebSocket opened to localhost . Bypass Safety guardrails disabled. Execute Attacker runs arbitrary commands. When victims visit a malicious webpage, attacker-injected JavaScript executes within their browser context, establishing a local connection to the victim’s OpenClaw instance running on localhost:18789. Unlike standard HTTP connections, browser WebSocket implementations do not enforce Same-Origin Policy protections; instead, they rely on server-side origin header validation, which OpenClaw omits entirely. This Cross-Site WebSocket Hijacking (CSWSH) enables the attacker to pivot through the victim’s browser as a proxy. Once authenticated via the stolen token, the attacker leverages the operator. admin and operator roles. approvals, and scopes to turn off safety mechanisms. An exec. approvals.set request turns off user confirmation prompts, while a config. patch request sets tools.exec.host to “gateway,” forcing command execution directly on the host machine rather than within containerized sandboxes . The final payload invokes node. invoke with arbitrary bash commands, achieving complete system compromise. Mitigations The OpenClaw development team rapidly addressed the vulnerability by implementing a gateway URL confirmation modal, eliminating the auto-connect without prompt behavior that enabled the attack. DepthFirst advises all users running versions before v2026.1.24-1 remain vulnerable and should upgrade immediately. Administrators should rotate authentication tokens and audit command execution logs for suspicious activity. This incident underscores the security risks inherent in granting AI agents unrestricted system access without robust validation of configuration changes and network connections. Organizations deploying OpenClaw should implement additional network segmentation, restrict outbound WebSocket connections from AI agent processes, and maintain strict audit logging for authentication token usage and privilege modifications. Follow us on Google News , LinkedIn , and X for daily cybersecurity updates. Contact us to feature your stories. The post 1-Click Clawdbot Vulnerability Enable Malicious Remote Code Execution Attacks appeared first on Cyber Security News .

1-Click Clawdbot Vulnerability Enable Malicious Remote Code Execution Attacks