top of page
ALL POSTS
Agentjacking: How Attackers Trick AI Coding Agents Into Executing Malicious Code
Key Findings Agentjacking attacks trick AI coding agents into executing arbitrary code by injecting malicious payloads into Sentry error events, achieving 85% exploitation success rate At least 2,388 organizations exposed with valid injectable Sentry DSNs; attackers need only a publicly available credential to launch attacks OpenClaw AI agent vulnerable to hidden command injection through contact names, vCards, and location pins that bypass visual truncation and rendering Var
Jun 124 min read
Unauthenticated Root RCE Vulnerability in Critical Telnetd Flaw (CVE-2026-32746)
Key Findings * Critical unauthenticated remote code execution vulnerability in GNU InetUtils telnetd * CVE-2026-32746 with CVSS score of 9.8 * Affects all versions through 2.7 * Exploitable by sending crafted message during initial connection handshake * No authentication required to trigger vulnerability * Potential for complete system compromise Background The vulnerability was discovered by Israeli cybersecurity company Dream on March 11, 2026. It impacts the GNU InetUtils
Mar 182 min read
bottom of page
