These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.
The Hacker News

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw integrates VirusTotal Code Insight scanning for ClawHub skills following reports of malicious plugins, prompt injection & exposed instances.
IEEE

Dialogue Injection Attack: Jailbreaking LLMs through Context Manipulation

Abstract: Large language models (LLMs) have demonstrated significant utility in a wide range of applications; however, their deployment is plagued by security vulnerabilities, notably jailbreak ...
IEEE

Optimal Secure Control for Cyber-Physical Systems Under False Data Injection Attacks via Incremental Iterative Q-Learning Algorithm

Abstract: An incremental iterative Q-learning algorithm (IIQLA) is proposed to tackle the optimal secure control problem for cyber-physical systems under false data injection attacks. Within a ...
SecurityWeek

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

The majority of the 1.4 million React2Shell exploitation attempts GreyNoise saw in a week deployed cryptominers and reverse ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...
The Hacker News

New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December 2025.