News Feed

277 articles
AI / Agentic | GitHub Advisory Database | CVE-2026-3409 | CVSS 7.3

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Manipulation of the File parameter results in code injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

#ai #gpt #exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3408 | CVSS 4.3

A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.

#patch #exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3411 | CVSS 7.3

A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /admin_single_student_update.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3410 | CVSS 7.3

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation of the argument student_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3412 | CVSS 4.3

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

#exploit
3/2/2026
AI / Agentic | HackerNews

Show HN: Clenv – Manage multiple Claude Code profiles, each Git-versioned

The more I used Claude Code, the messier my ~/.claude got.

I started out thinking one global config was fine — just put the skills and MCP servers everyone needs at the user level and call it done. But over time I was wearing two hats: a frontend developer at my day job, and a fullstack developer on side projects. The configs started bleeding into each other.

The specific frustrations that pushed me over the edge:
- Project-level settings had to be redone for every new repo
- Marketplace and plugin-based configs needed manual toggling depending on which context I was in
- Trying an experimental setup, then cleaning it up afterward, was tedious every time

Beyond config mess, the bigger realization was about personas. As I started doing more AI agent development, my developer identity kept splitting. More roles, more personas — and a single global Claude Code environment can't cleanly represent all of them.

That's when I thought: nvm and pyenv let you switch environments by profile. Why not Claude Code? So I built clenv.

clenv manages multiple Claude Code profiles. Each profile is an isolated ~/.claude directory (CLAUDE.md, MCP servers, hooks, agents, skills) backed by its own git repository. Free and open source (MIT).

    clenv init                                        # backs up ~/.claude, creates default profile
    clenv profile create work --use                   # create + switch instantly
    clenv profile create agent-prod --from agent-dev  # clone from existing
    clenv commit -m "add GitHub MCP server"
    clenv diff HEAD~1..HEAD
    clenv log --oneline
    clenv revert abc123f
    clenv tag v1.0 -m "production agent config"

Teams can export a baseline and let members layer personal changes on top:

    clenv profile export team-standard -o team.clenvprofile
    clenv profile import team.clenvprofile --use

MCP API keys are automatically redacted during export.

Per-directory auto-switching works like .nvmrc:

    clenv rc set work   # pin profile to this directory
    clenv rc show

Written in Rust, statically linked, zero runtime deps. macOS and Linux.

    brew tap Imchaemin/clenv && brew install clenv
    cargo install clenv

GitHub: https://github.com/Imchaemin/clenv

Would especially love feedback from people doing AI agent development — that's the use case where environment isolation feels most important.

#ai #claude #mcp #agent #github
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3402 | CVSS 2.4

A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3403 | CVSS 2.4

A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Subject 1 results in cross site scripting. The attack can be carried out remotely. The exploit is now public and may be used.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3406 | CVSS 7.3

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3404 | CVSS 5

A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference. The attack may be performed remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3407 | CVSS 3.3

A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.

#patch #exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3405 | CVSS 3.1

A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3401 | CVSS 3.1

A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the exploitability is difficult. The exploit has been made available to the public and could be used for attacks.

#exploit
3/2/2026
General | SANS Internet Stormcast

ISC Stormcast For Monday, March 2nd, 2026 https://isc.sans.edu/podcastdetail/9830, (Mon, Mar 2nd)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

3/2/2026
AI / Agentic | HackerNews

Show HN: ClawShield – Open-source security proxy for AI agents (Go, eBPF)

Author here. ClawShield is a security proxy that sits in front of OpenClaw (open-source AI gateway) and scans all inbound/outbound messages.

The core is an HTTP/WebSocket reverse proxy in Go (~6k lines) with four scanners:

1. Prompt injection detection - three tiers: regex heuristics (role overrides, instruction injection, delimiter attacks, encoding attacks), structural analysis (base64-decoded instruction blocks, imperative verb density scoring), and canary token leak detection.

2. Secrets/PII scanning - regex argument filters applied to decoded JSON values (defeats unicode escape bypasses like \u0070assword).

3. Vulnerability scanning - SQLi (UNION, tautologies, blind with SLEEP/BENCHMARK), SSRF (private IPs, cloud metadata at 169.254.169.254, decimal/hex IP encoding, dangerous schemes like gopher://), path traversal (double URL-encoding, null bytes), command injection (shell metacharacters, backtick execution), XSS.

4. Malware detection - magic bytes for PE/ELF/Mach-O, YARA-like signature rules for reverse shells and C2 frameworks, archive bomb detection via compression ratio, Shannon entropy analysis.

Policy engine is deny-by-default YAML. You define tool allowlists, denylists, per-tool argument filters, domain allowlists, and per-agent/per-channel restrictions. Every decision is logged to SQLite.

Optional extras: iptables egress firewall (Go, generates validated rules from YAML) and eBPF kernel monitor (Python/BCC - traces execve, tcp_v4_connect, openat2, setuid for fork bomb/privesc/port scan detection).

Docker quickstart is 3 commands. Ten cross-compiled binaries on the release (proxy + setup wizard for linux/mac/windows, amd64/arm64).

We run this in production at clawshield.sleuthco.ai.

I built this because I was contributing security patches to OpenClaw and the netfilter suite and kept seeing the same gap: the AI ecosystem has sophisticated multi-agent routing but no standardized way to inspect and control what flows through it.

Happy to answer questions about the scanner architecture, policy engine, or threat model.

#xss #sqli #ssrf #ai #agent
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3400 | CVSS 8.8

A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3398 | CVSS 8.8

A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

#exploit
3/2/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3399 | CVSS 8.8

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

#exploit
3/2/2026
AI / Agentic | HackerNews

Show HN: Ductwork – A Go platform for running AI agents on autopilot

I've been running Claude agents for various automation tasks — monitoring crypto news, syncing Todoist, running health checks — and I kept hitting the same problem: there's no clean way to deploy an agent that just runs on a schedule without a human babysitting it.

Every agent framework I looked at was built around chat interfaces or one-shot workflows. I wanted something closer to cron for AI agents — define a task, give it a schedule, let it run forever. So I built Ductwork.

You define tasks as simple JSON files — a prompt, a schedule, optional memory and skills — and ductwork handles scheduling, execution, retries, and history. The agents have bash, file read/write, and that's it. No fancy abstractions.

The thing that makes it actually useful for unattended operation:

Persistent memory — agents write to a memory directory between runs. My Bitcoin news monitor remembers which articles it's already reported on. Next run, it only flags new ones.

Security boundaries — if you're letting agents run unsupervised, you need guardrails. Per-task tool whitelists, path restrictions, bash command filters. A monitoring task can't accidentally rm -rf something.

Run history and observability — every run is tracked with status, duration, token usage, and errors. REST API for everything so you can integrate with whatever alerting you already use.

It scales from a single process (ductwork start) to distributed — same binary with --mode=control runs a task queue, --mode=worker on other machines polls for work. No new dependencies, just HTTP.

Single Go binary, go install and you're running. ~3,500 lines, only deps are the Anthropic SDK and Cobra.

This is definitely not a finished product — it's early and there's a lot I want to add. But it's functional and I'd love for people to download it, play around with it, and let me know what they think. Feedback, ideas, issues — all welcome.

https://github.com/dneil5648/ductwork

#ai #claude #agent #github
3/1/2026
AI / Agentic | BleepingComputer

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. [...]

#ai #agent
3/1/2026
General | Wired Security

The 5 Big ‘Known Unknowns’ of Donald Trump’s New War With Iran

The all-out air assault on the Islamic Republic might be the biggest gamble of the president’s career.

3/1/2026
AI / Agentic | HackerNews

6 Practices that turned AI from prototyper to workhorse (106 PRs in 14 days)

1. Specs and plans are source code: Specs and plans live in git alongside source code, not in chat history. A new agent reads arch.md for the big picture, then its specific spec. You always know why something was built.

2. Three models review every phase: Claude, Gemini, and Codex catch almost entirely different bugs. No single model found more than 55% of issues. If you only review with the model that wrote the code, you're missing half the bugs. 20 bugs caught before shipping. Claude Code found 5 bugs, Gemini and Codex caught another 15, including a severe security issue Claude missed.

3. Enforce the process, don't suggest it. A state machine forces Spec → Plan → Implement → Review → PR. The AI can't skip steps. Tests must pass before advancing. AIs don't stick to the plan by themselves, you need rails.

4. Annotate, don't edit. Most of the work is writing specs and reviews that guide the code, not hacking at files in an open-ended chat.

5. Agents coordinate agents. An architect agent spawns builder agents into isolated git worktrees. You direct the architect; it directs the builders. They message each other async.

6. Manage the whole lifecycle. Most AI tools help you write code faster — maybe 30% of the job. The other 70% is planning how, reviewing, integrating, deployment scripts, managing staging vs prod. Have AI run the whole pipeline from spec to PR and beyond.

Overall result: One engineer able to produce what a team of 3-4 would usually do. Measured 1.2 points better code on a 10 point scale vs claude code. Downsides: takes a lot longer, much more token usage, but still reasonable at $1.60 per PR.

We open sourced it: https://github.com/cluesmith/codev
More details and raw results: https://cluesmith.com/blog/a-tour-of-codevos/

#ai #claude #agent #github
3/1/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3395 | CVSS 7.3

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 109.2 will fix this issue. This patch is called 08937a3c5d672a242d68f53e9fccf8a748820ef3. You should upgrade the affected component. The code maintainer was informed beforehand about the issues and reacted very quickly and highly professionally.

#patch #exploit
3/1/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3394 | CVSS 3.3

A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local position. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

#exploit
3/1/2026
Zero-Day | GitHub Advisory Database | CVE-2026-3393 | CVSS 3.3

A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

#exploit
3/1/2026
Page 1 of 12 (277 total)