Today
CYBER

International operation disrupts Aisuru and Kimwolf IoT DDoS botnets

Authorities in the U.S., Germany, and Canada disrupted infrastructure behind Aisuru, Kimwolf, JackSkid, and Mossad. Reporting says the botnets had compromised more than 3 million IoT devices and were responsible for large extortion-driven DDoS activity.

CYBER

CISA orders patching for DarkSword iOS flaws exploited in attacks

CISA added three DarkSword-linked iOS bugs to the KEV catalog after researchers tied the exploit chain to cryptocurrency theft and cyberespionage campaigns. The chain includes CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, and can enable sandbox escape, privilege escalation, and remote code execution on vulnerable devices.

CYBER

FBI warns Handala is using Telegram as malware command and control

The FBI says Iranian actors linked to MOIS and the Handala ecosystem are using Telegram as command and control in malware attacks. The campaigns rely on social engineering to infect Windows systems and then exfiltrate screenshots and files for intelligence collection and data leaks.

CYBER

Thousands of Magento sites hit in ongoing defacement campaign

SecurityWeek says an ongoing campaign has targeted thousands of Magento sites since February 27, with defacement artifacts observed across more than 15,000 hostnames. The scale suggests opportunistic scanning and exploitation against exposed or weakly managed commerce infrastructure.

CYBER

Navia data breach impacts 2.7 million individuals

SecurityWeek reported that hackers stole personal and health plan information from third-party benefits administrator Navia, affecting 2.7 million people. The exposure window ran from late December 2025 into mid-January 2026, making this a large-scale breach with likely regulatory and identity theft fallout.

CYBER

Quest KACE SMA auth bypass flaw may be under active exploitation

SecurityWeek reported that CVE-2025-32975 is a critical authentication bypass flaw in Quest KACE SMA that may already be exploited against the education sector. Reporting says unauthenticated attackers can impersonate users and potentially gain full administrative control of internet-exposed appliances.

CYBER

VoidStealer bypasses Chrome ABE with a debugger-based key theft trick

Researchers say VoidStealer is the first infostealer observed in the wild using hardware breakpoints to pull Chrome’s v20 master key from memory. That lets the malware bypass Application-Bound Encryption and decrypt protected browser data without traditional code injection or privilege escalation.

TOOLING

Astral is joining OpenAI's Codex team

⚠️

Astral announced on 2026-03-19 that it has entered an agreement to join OpenAI as part of the Codex team. Astral says Ruff, uv, and ty will continue as open source projects, but the move is still important because those tools sit deep in modern Python developer workflows.

TOOLING

JetBrains launches Koog for Java

JetBrains launched Koog for Java on 2026-03-20, bringing its agent framework to idiomatic Java teams without forcing Kotlin-specific patterns. The launch includes Spring Boot integration, multiple workflow strategies, persistence for recovery, and OpenTelemetry-based observability.

TOOLING

LangChain Anthropic 1.4.0 adds explicit prompt caching middleware

LangChain shipped langchain-anthropic 1.4.0 on 2026-03-17. The headline change is explicit prompt caching support for system messages and tool definitions, plus top-level cache_control delegation for Anthropic requests.

Yesterday
AI

Anthropic makes 1M context generally available on Opus 4.6 and Sonnet 4.6

⚠️

Anthropic moved 1M context for Opus 4.6 and Sonnet 4.6 to general availability and removed the special 1M rate limit tier. The same update also raises the media limit to 600 images or PDF pages for those long-context requests.

AI

Anthropic adds model capability fields to the Models API

⚠️

Anthropic now exposes token limits and capability metadata directly in the Models API. That should simplify runtime model selection and reduce hardcoded feature maps in agent tooling.

AI

Anthropic launches thinking.display omitted mode for faster streaming

⚠️

Anthropic added a way to hide visible thinking text while preserving signatures for continuity. This is useful for cleaner streaming UX when you still want extended thinking enabled under the hood.

AI

OpenAI ships GPT-5.4 with tool search, computer use, 1M context, and compaction

⚠️

GPT-5.4 expands OpenAI’s agent stack with built-in computer use, tool search, a 1M token context window, and native compaction. That puts more long-horizon agent behavior directly inside the Responses API.

CYBER

Azure Monitor alerts abused for callback phishing

Attackers are abusing Azure Monitor to send fake billing and fraud alerts from legitimate Microsoft infrastructure. Because the emails are sent by azure-noreply@microsoft.com and pass SPF, DKIM, and DMARC, they are more likely to evade filters and win user trust.

CYBER

Cisco FMC zero-day added to KEV after ransomware exploitation

CISA added CVE-2026-20131 in Cisco Secure Firewall Management Center to the KEV catalog after active exploitation tied to the Interlock ransomware gang. The flaw is an unauthenticated deserialization bug that can allow remote code execution as root on exposed devices.

CYBER

Trivy supply-chain breach pushed infostealer via GitHub Actions

A compromised Trivy release and malicious GitHub Action tags distributed credential-stealing malware targeting SSH keys, cloud credentials, .env files, CI secrets, and tokens. Teams using Trivy in GitHub Actions should review exposure windows and rotate secrets if affected versions or tags were pulled.

TOOLING

GPT-5.4 mini and nano land with lower-cost multimodal inference

Simon Willison highlighted OpenAI’s GPT-5.4 mini and nano launch, with lower prices and faster mini inference than the previous mini tier. The post is notable because it frames the release in practical terms, especially for cheap batch image description and lightweight CLI workflows, and notes that llm 0.29 already supports the new models.

TOOLING

LangSmith Fleet launches for enterprise agent management

LangSmith Fleet reframes Agent Builder as an enterprise workspace for creating, sharing, and governing fleets of agents. The launch adds agent identity, credential models, permission tiers, approval inboxes, and per-agent Slack bot identity, which makes it more interesting as an internal-agent control plane than just a builder UI.

TOOLING

Vercel AI SDK 6.0.134 fixes v6 latest tag and adds Perplexity cost metadata

⚠️

Recent Vercel AI SDK releases include a fix that republishes v6 to the latest npm dist-tag and a patch exposing provider-reported Perplexity cost data in providerMetadata. If you are consuming the SDK in Node.js apps, this is worth checking before the next dependency bump because it affects install behavior and cost observability.

TOOLING

Windsurf Wave 13 adds parallel multi-agent sessions and worktrees

Windsurf Wave 13 adds first-class support for parallel multi-agent sessions, Git worktrees, side-by-side Cascade panes, and a dedicated terminal profile for more reliable agent execution. It also promotes SWE-1.5 Free as the default model for all users, which makes the release notable both for workflow changes and for broader access to the newer agent model.

Saturday, March 21, 2026
CYBER

Cisco Secure FMC CVE-2026-20131 Actively Exploited

CISA ordered federal agencies to patch Cisco Secure Firewall Management Center after CVE-2026-20131 was confirmed as actively exploited in the wild. The max-severity bug allows unauthenticated remote code execution as root and has been tied to Interlock ransomware activity.

TOOLING

Claude Code 2.1.81 adds bare scripted mode, phone-routed approvals, and multiple stability fixes

⚠️

Anthropic’s current Claude Code changelog lists version 2.1.81 with a new --bare mode for scripted print runs that skip hooks, LSP, plugin sync, and auto-memory. It also adds --channels permission relay for phone-routed approvals and includes fixes for Node.js 18 crashes, repeated OAuth re-authentication across concurrent sessions, proxy 400s, and a background task race that could hang output.

CYBER

DOJ Disrupts Massive IoT Botnets Behind Record DDoS Attacks

The DOJ and international partners disrupted infrastructure linked to AISURU, Kimwolf, JackSkid, and Mossad botnets. The operation targeted botnets that collectively infected about 3 million devices and were tied to DDoS attacks reaching 31.4 Tbps.

AI

Google releases Gemini 3.1 Pro in preview across API, CLI, Vertex AI, and consumer apps

⚠️

Google says Gemini 3.1 Pro is rolling out in preview across the Gemini API, Gemini CLI, Vertex AI, Gemini Enterprise, the Gemini app, and NotebookLM. The announcement positions it as a stronger reasoning model for complex tasks, with Google citing a verified 77.1% ARC-AGI-2 score and framing it as the new baseline for harder agentic and synthesis workflows.

TOOLING

LangChain releases Open SWE for internal coding agents

LangChain’s new Open SWE project packages the internal coding-agent patterns used by teams like Stripe, Ramp, and Coinbase into an open-source framework built on Deep Agents and LangGraph. The interesting part is not just another agent, but the reference architecture: isolated sandboxes, curated toolsets, rich startup context, GitHub/Slack/Linear integrations, and subagent orchestration.

CYBER

Langflow CVE-2026-33017 Exploited Within Hours

⚠️

Attackers reportedly began exploiting CVE-2026-33017 in Langflow within hours of public disclosure. The flaw enables unauthenticated remote code execution in exposed Langflow instances and matters for Python-based AI workflow environments.

TOOLING

Mellea 0.4.0 ships with Granite Libraries r1.0 for structured AI workflows

IBM’s Hugging Face release pairs Mellea 0.4.0 with three Granite Libraries at r1.0, aimed at more structured, verifiable, and safety-aware generative workflows. The release adds native Granite integration, instruct-validate-repair patterns, and observability hooks, so it is worth watching as a more opinionated alternative to loose prompt orchestration.

TOOLING

Ollama 0.18.0 adds OpenClaw provider support and non-interactive launch mode

⚠️

Ollama 0.18.0 adds several stack-relevant changes: OpenClaw can now use Ollama as an auth and model provider during onboarding, ollama launch gained a non-interactive --yes flag for scripts and CI, and cloud models no longer need a pre-pull when using the :cloud tag. The release also adds NVIDIA’s Nemotron-3-Super and warns that ROCm 7 requires updated AMD drivers.

TOOLING

Ollama 0.18.2 fixes OpenClaw model launch and websearch registration

⚠️

Ollama 0.18.2 is a focused patch release that matters because it fixes ollama launch openclaw --model <model>, correctly registers Ollama’s websearch package for OpenClaw, and improves local Claude Code performance by preventing cache breakages. Small release, useful impact.

TOOLING

OpenClaw 2026.3.13 recovery release fixes the broken GitHub release path

⚠️

OpenClaw published a recovery release under the GitHub tag v2026.3.13-1 after the original v2026.3.13 release path broke. Beyond the packaging cleanup, it includes runtime-relevant fixes like Discord gateway metadata failure handling, restored web_fetch Firecrawl schema config, Docker timezone support via OPENCLAW_TZ, and several agent/session reliability fixes.

CYBER

Oracle Identity Manager CVE-2026-21992 Emergency Patch

Oracle released an out-of-band fix for CVE-2026-21992, a critical unauthenticated remote code execution flaw affecting Identity Manager and Web Services Manager. The issue is reachable over HTTP, requires no user interaction, and carries a CVSS score of 9.8.

CYBER

FBI Links Signal Phishing Campaigns to Russian Intelligence

The FBI says Russian intelligence-linked actors are hijacking Signal and WhatsApp accounts through phishing, malicious QR codes, and device-linking tricks rather than breaking encryption. Thousands of accounts have reportedly been compromised, especially among high-value targets.

TOOLING

Vercel AI SDK 6.0.133 and 6.0.134 adjust npm channeling and remove experimental embed events

⚠️

Vercel shipped AI SDK 6.0.133 and 6.0.134 on March 20. The first explicitly publishes v6 to the latest npm dist-tag, while the second removes all experimental embed events, which could break any code relying on those internals or assumptions during upgrades.

Friday, March 20, 2026
CYBER

Security Firm Aura Breached via Phone Phishing — 900,000 Records Exposed

Aura, an identity protection company, disclosed a data breach affecting approximately 900,000 records after attackers used phone phishing (vishing) to compromise a marketing tool. Roughly 35,000 customers had data directly stolen. The incident underscores that even security-focused organizations are vulnerable to social engineering attacks that bypass technical controls.

CYBER

Google Patches Two Chrome Zero-Days Exploited in Wild: V8 and Skia Flaws (CVE-2026-3910, CVE-2026-3909)

Google patched two actively exploited Chrome zero-days: CVE-2026-3910 (V8 JavaScript engine out-of-bounds memory write) and CVE-2026-3909 (Skia 2D graphics library OOB write via crafted HTML page), both rated CVSS 8.8. Exploitation has been confirmed in the wild. All Chrome users should update to the latest version immediately via Settings > Help > About Google Chrome.

AI

Claude Code Channels: Control Sessions via Telegram and Discord MCP Servers

⚠️

Anthropic launched Claude Code channels as a research preview, enabling control of Claude Code sessions through MCP servers starting with Telegram and Discord. Claude reads events from the channel and replies back through the same interface, allowing developers to manage coding sessions without being at their terminal. This is directly relevant to OpenClaw’s architecture, which already orchestrates Claude via messaging channels.

AI

Claude Code /loop Command: Session-Level Cron Jobs in Your Terminal

⚠️

Claude Code v2.1.71 introduced the /loop command, turning the CLI into a lightweight session-scoped task scheduler. Commands like /loop 5m check deploy or /loop 30s run tests execute on interval until the session closes. Disable with CLAUDE_CODE_DISABLE_CRON env var. Ideal for CI/CD monitoring and automated test runs during active development sessions.

AI

Claude Code Remote Control: Manage Terminal Sessions from Web and Mobile

⚠️

Claude Code introduced remote control functionality: start a session in the terminal, then take over from the web or Claude mobile app. Activated via claude rc or /remote-control command. Useful for monitoring long-running builds or making adjustments on the go without SSH access to the machine.

AI

Claude Code Scheduled Tasks: Recurring Jobs in CLI and Desktop App

⚠️

Claude Code now supports scheduled recurring tasks natively in both the CLI and desktop app. Use cases include automated documentation updates, weekly PR summaries, and repo maintenance on a set schedule. This overlaps with OpenClaw’s existing cron system but could complement it for tasks that benefit from Claude Code’s direct filesystem access and project context.

AI

Claude Code v2.1.76: MCP Elicitation Support and Major Feature Drop

⚠️

Claude Code jumped from v2.1.63 to v2.1.76 in March 2026 with a significant feature drop. The headline addition is MCP elicitation support — MCP servers can now request structured input mid-task via an interactive dialog, paired with new Elicitation and ElicitationResult hooks for intercepting responses. Other additions include worktree.sparsePaths for monorepo sparse-checkout, a /effort slash command, PostCompact hook, and -n/--name session naming flag.

AI

Anthropic Models API Now Exposes max_input_tokens and Capabilities Object

⚠️

Anthropic updated the Developer Platform Models API to return structured metadata per model: max_input_tokens, max_tokens, and a capabilities object. This enables programmatic model selection based on context window requirements without hardcoding model strings. The VSCode extension also received a fix for rate limit errors when selecting Opus on accounts with unknown plan tiers.

AI

Claude March 2026 Promotion: Off-Peak Usage Limits Temporarily Doubled

⚠️

Anthropic is running a limited-time usage promotion for March 2026, temporarily doubling rate limits during off-peak hours for Claude Pro and Max subscribers. This is a meaningful window for scheduling compute-heavy tasks — large codebase analysis, million-token context jobs, or batch processing — without hitting standard limits.

TOOLING

DeepAgents — New LangGraph Multi-Agent Framework Released

DeepAgents is a new multi-agent framework built on LangChain and LangGraph, featuring planning tools, a dedicated filesystem backend, and sub-agent generation for hierarchical task management. Released this week and trending on GitHub, it targets developers building scalable autonomous agents with modular, composable architecture.

AI

Gemini 3.1 Pro Released with Deep Google Workspace Integration

Google released Gemini 3.1 Pro on February 19, 2026, following up with March 2026 Workspace integration updates. Gemini now assists within Docs, Sheets, Slides, and Drive — writing documents, building spreadsheets, querying files and emails for answers. New features are gated to Google AI Ultra subscribers. Gemini for Home also received a 40% response time improvement in the March update alongside enhanced Live translation.

TOOLING

GPT-5.4 mini and nano Released — Ultra-Cheap Vision Models

OpenAI released gpt-5.4-mini ($0.75/$4.50 per MTok in/out) and gpt-5.4-nano ($0.20/$1.25), with nano undercutting Gemini 3.1 Flash-Lite on price. Simon Willison notes the nano model is capable enough to describe 76,000 photos for approximately $52 total. Mini is 2x faster than the previous mini generation.

AI

Hugging Face: State of Open Source AI — Spring 2026

Hugging Face published their Spring 2026 semi-annual ecosystem analysis, tracking model and dataset repository growth, geographic diversity of contributors, and competitive dynamics. Key insight: DeepSeek’s successive releases (V3, R1, V3.2) are identified as the dominant competitive pressure in the open model space, with organizations that stagnate losing share quickly.

CYBER

Iranian Hackers Used Infostealer-Stolen Credentials to Breach Stryker Corporation

New evidence links the Stryker Corporation breach to Iranian state-sponsored hackers who used credentials harvested by infostealer malware rather than exploiting a direct vulnerability. The attack highlights how consumer-grade malware infections can fuel nation-state intrusions through credential reuse. Organizations should audit credential exposure via infostealer marketplaces and enforce MFA broadly.

CYBER

Canadian Retailer Loblaw Discloses Customer Data Breach

Loblaw, one of Canada’s largest retailers, disclosed a data breach after threat actors gained access to customer information as of March 15, 2026. Full scope and attack vector have not been publicly confirmed, with a possible credential-based or third-party supply chain compromise suspected. Affected customers should monitor for phishing and credential misuse.

TOOLING

OpenAI Acquires Astral (uv, ruff, ty)

⚠️

OpenAI announced it’s acquiring Astral, the company behind uv, ruff, and ty — three critical Python tooling projects with hundreds of millions of monthly downloads. The Astral team will join OpenAI’s Codex team. OpenAI has committed to keeping the tools open source, but the move raises governance questions for projects that now depend on critical Python infrastructure controlled by a closed AI company.

TOOLING

OpenClaw Goes Viral — NYT Coverage, Top 10 GitHub Trending

⚠️

The New York Times published a piece on OpenClaw going viral in China, noting it hit the top 10 most popular GitHub projects in March 2026, just four months after release. The growing community signals accelerating plugin/fix velocity and broader ecosystem contributions to watch.

AI

PRD + CLAUDE.md + MCP Elicitation: The 2026 Stack for AI-Assisted Development

⚠️

A structured three-layer approach is emerging as best practice for complex Claude Code projects: PRDs define architecture and requirements, CLAUDE.md enforces project-specific coding standards (auto-loaded by Claude Code), and MCP elicitation handles mid-task structured input when gaps arise. The pattern reduces hallucination during long builds and keeps outputs on-spec. With MCP elicitation now in v2.1.76, the full stack is production-ready.

AI

Qwen 3.5 9B Released: Outperforms GPT-OSS-120B at 13x Smaller Size

⚠️

Alibaba released Qwen 3.5 9B in March 2026, claiming benchmark wins over OpenAI’s GPT-OSS-120B while being 13x smaller. The 9B variant runs at ~6.6GB (Q4_K_M) via ollama run qwen3.5:9b, hitting 34.4 tok/s on a GTX 1080 Ti. The full lineup spans 0.8B through 27B, covering everything from CPU-only inference to high-end GPU setups. Qwen 3 7B specifically leads HumanEval among small code-generation models.

CYBER

CISA Adds Microsoft SharePoint RCE (CVE-2026-20963) to Known Exploited Vulnerabilities

CISA added CVE-2026-20963 to its Known Exploited Vulnerabilities catalog on March 18, 2026, confirming active exploitation of a critical remote code execution flaw in Microsoft SharePoint. Federal agencies face a mandatory 3-week remediation deadline. Organizations running SharePoint Server should apply Microsoft’s patch immediately.

CYBER

Starbucks Discloses Data Breach Affecting Hundreds of Employees

Starbucks disclosed that unauthorized actors gained access to Partner Central accounts around February 6, 2026, exposing personal information of hundreds of employees. No customer payment data was confirmed affected. The investigation is ongoing and the access vector has not been publicly disclosed.

TOOLING

Superpowers — Modular Agent Skill Framework Trending on GitHub

“Superpowers” (authored by obra) is a modular agent skill framework and dev workflow for coding agents, published March 15 and trending on GitHub. The skill-based architecture is conceptually similar to OpenClaw’s skill system, positioning skills as composable units of agent capability across the development lifecycle.

CYBER

Critical Unpatched Telnetd Flaw Enables Unauthenticated Root RCE (CVE-2026-32746)

⚠️

CVE-2026-32746 (CVSS 9.8) is a pre-authentication flaw in telnetd that enables unauthenticated attackers to gain root-level remote code execution through port 23. No patch is currently available, and Censys identified over 3,362 exposed hosts as of March 18, 2026. Any system running telnetd with port 23 exposed should disable the service immediately.

CYBER

Ubuntu CVE-2026-3888: snap-confine Race Condition Allows Root Privilege Escalation

⚠️

CVE-2026-3888 exploits a cleanup timing race condition in Ubuntu’s snap-confine to allow local attackers to escalate privileges to root, risking full system compromise. The flaw affects all Ubuntu systems running snapd. Users should run sudo apt update && sudo apt upgrade snapd immediately to apply the available patch.

TOOLING

Vercel AI SDK v6 Migration Wave Underway

Third-party integrations like Tiptap’s AI Toolkit are migrating to Vercel AI SDK v6, indicating a breaking-change version bump is in circulation. No official v6 migration guide was surfaced, but the version alignment across packages signals it’s live. Any project using the ai npm package from Vercel should audit before upgrading dependencies.

TOOLING

Simon Willison: Coding Agents for Data Analysis — NICAR 2026 Handout

Simon Willison published his NICAR 2026 workshop handout covering practical patterns for using coding agents (Claude and others) for data journalism and analysis. The three-hour session materials provide concrete, battle-tested workflows for agent-driven data work — useful reference for anyone designing agent task pipelines.

Thursday, March 19, 2026
AI

Anthropic Double API Usage Promotion: March 13–27, 2026

⚠️

Anthropic is running a double usage promotion through March 27, 2026 (11:59 PM PT) — all Claude API usage counts double toward monthly limits, effectively halving the cost of heavy API workloads during this window. Relevant for teams using Claude Code or running high-volume API pipelines.

CYBER

CVE-2026-3910: Google Patches Two Chrome Zero-Days (V8 RCE + Skia) Exploited in Wild

Google patched two actively exploited Chrome zero-days: CVE-2026-3910 (CVSS 8.8), an inappropriate V8 implementation allowing sandbox RCE via crafted HTML, and a second Skia rendering engine flaw. Both were exploited in the wild before patching. Update Chrome to the latest version immediately on all workstations.

AI

Claude Code v2.1.76: Voice Mode, /loop Cron, 1M Context, Opus 4.6 Default

⚠️

Claude Code received a wave of updates in March 2026 (v2.1.63 to v2.1.76), including push-to-talk voice mode in 20 languages, a /loop command for session-level recurring tasks, a 1 million token context window, and Opus 4.6 as the new default model. Voice mode is rolling out to approximately 5% of users currently.

TOOLING

Cursor Releases Security Agent Automation Templates

Cursor released four new Automation templates based on their internal security agent fleet, which reviews 3,000+ PRs per week and catches 200+ vulnerabilities. The templates use Cursor Automations’ webhook and GitHub integration harness, covering automated vulnerability review, PR monitoring, and codebase change detection — and are now available for teams to customize.

AI

Google Gemini 3.1 Pro Released February 2026

⚠️

Google released Gemini 3.1 Pro on February 19, 2026, followed by Nano Banana 2 (built on Gemini 3.1 Flash Image) on February 26. Gemini 3 Deep Think also received a major upgrade targeting practical applications. Teams using Gemini 3 Pro in their stack should verify which model version their API calls are hitting.

AI

GLM-5-Turbo Officially Launched by Z.ai — Optimized for Agentic Workflows

⚠️

Zhipu AI’s GLM-5-Turbo officially launched March 16, 2026 via the Z.ai API platform. The model is specifically optimized for complex agentic workflows, with comprehensive upgrades to tool calling accuracy, instruction following, long-chain task execution, and scheduled/continuous task support. Z.ai’s announcement explicitly mentions OpenClaw-style workflows as a target use case. Available immediately to Max tier users, with Pro access expected late March and Lite in April. We already run GLM-5 base via Ollama cloud; GLM-5-Turbo is worth benchmarking for cron jobs and multi-step agentic tasks given the tool-calling and instruction-following improvements.

AI

GPT-5.4 Mini and Nano Released — Nano Cheaper Than Gemini Flash-Lite

OpenAI released GPT-5.4 mini and GPT-5.4 nano on March 17, 2026. The nano model is priced at $0.20/$1.25 per million tokens — cheaper than Google’s Gemini Flash-Lite — and outperforms the previous GPT-5 mini at max reasoning effort. The mini is 2x faster than its predecessor, making both models compelling for high-volume, cost-sensitive workloads.

AI

Hugging Face: State of Open Source AI — Spring 2026 Report

Hugging Face published their Spring 2026 biannual open source AI ecosystem analysis. Activity has grown rapidly across users, model repos, and datasets. DeepSeek’s sustained cadence of releases (V3, R1, V3.2) kept it competitive against proprietary challengers. The data reinforces that models and organizations that stagnate quickly lose community share to faster-iterating competitors.

CYBER

Iranian APT Breached Stryker Using Infostealer-Stolen Credentials

Iranian threat actors breached medical device company Stryker using credentials likely harvested by infostealer malware. The incident reinforces the growing trend of nation-state actors using commodity infostealer output as an initial access mechanism, bypassing traditional perimeter defenses entirely via valid credentials.

TOOLING

LLM Inference Engine Showdown: vLLM vs Ollama vs TensorRT-LLM (March 2026)

⚠️

The first issue of “EVAL” newsletter delivers a candid comparison of six LLM inference engines for March 2026: vLLM, TGI, TensorRT-LLM, SGLang, llama.cpp, and Ollama. Key verdict: Ollama is not a production serving layer. vLLM and SGLang lead on throughput for serious deployments; TensorRT-LLM wins on raw latency but demands significant DevOps overhead to operate.

AI

MiniMax M2.7 Now Available on Ollama Cloud

⚠️

MiniMax-M2.7 is now available via Ollama’s cloud infrastructure. Designed for end-to-end software engineering and office productivity tasks, with improved character and emotional intelligence. The standout feature is self-improvement using web data, allowing agents to do research and learn new skills autonomously. Benchmarked against qwen3-coder-next on our stack: M2.7 is more thorough on code review (18.4s vs 31.3s, suggesting pathlib and datetime improvements qwen3 missed) but slower and more verbose on code generation (62.7s and 3x more tokens). Not a replacement for qwen3-coder-next on code search summaries, but potentially useful as a research and self-improvement agent.

CYBER

CVE-2025-68613: CISA-Flagged n8n RCE (CVSS 9.9) Actively Exploited — 24,700 Instances Exposed

⚠️

CISA added CVE-2025-68613 to its Known Exploited Vulnerabilities catalog — an expression injection flaw in n8n that enables full remote code execution with a CVSS score of 9.9. Over 24,700 n8n instances remain exposed to the internet. Organizations running n8n should patch immediately or restrict access to trusted networks only.

TOOLING

Ollama v0.18.0: Cloud Models via :cloud Tag, Claude Code Compaction Support

⚠️

Ollama v0.18.0 eliminates the need to download cloud models — appending :cloud to a model name connects automatically to the cloud endpoint. The ollama launch claude command now supports configuring the compaction window for Claude Code sessions, useful for managing context in long-running agentic tasks.

TOOLING

OpenAI Codex Subagents and Custom Agents Go GA (March 16, 2026)

⚠️

OpenAI Codex v0.113.0 made subagents and custom agents generally available on March 16, 2026. Default subagents (explorer, worker, default) are built-in; custom agents can be defined via TOML config. Codex can now also read the integrated terminal to inspect running dev server output or failed builds mid-task.

TOOLING

OpenClaw Hits GitHub Top 10 — NYT Coverage, China Adoption Surging

⚠️

OpenClaw entered GitHub’s top 10 most popular projects in March 2026 just four months after release, with a New York Times feature highlighting surging adoption in China (where the government is reportedly monitoring it closely). Major ecosystem growth is incoming — expect an influx of community plugins, forks, and third-party integrations in the coming weeks.

CYBER

AI-Generated 'Slopoly' PowerShell Backdoor Deployed in Interlock Ransomware Attack

Interlock ransomware operators deployed a novel PowerShell backdoor called Slopoly, believed to have been crafted using generative AI tools, enabling over a week of persistent C2 access before the ransomware stage. Initial access was achieved via ClickFix social engineering. The incident signals that GenAI is actively lowering the barrier for custom malware development by threat actors.

TOOLING

"Superpowers" Agent Skill Framework Trending on GitHub

A new agent skill framework called “Superpowers” (authored by @obra) was published March 15, 2026 and quickly trended on GitHub. Built on LangChain and LangGraph, it includes planning tools, a dedicated file system backend, and sub-agent generation for hierarchical task delegation — aimed at providing modular infrastructure for autonomous coding agents navigating complex workflows.

CYBER

CVE-2026-32746: Unpatched Telnetd Pre-Auth Root RCE (CVSS 9.8)

⚠️

CVE-2026-32746 is a pre-authentication vulnerability in telnetd scoring CVSS 9.8 that allows unauthenticated remote attackers to execute code as root via port 23. No patch is currently available. Any systems running telnetd should disable the service immediately and block port 23 at the firewall.

CYBER

Termite Ransomware Links ClickFix Social Engineering to CastleRAT Backdoor Deployments

Termite ransomware operators have been observed chaining ClickFix social engineering lures with DonutLoader to deploy CastleRAT, a versatile backdoor known for distributing multiple RAT families and infostealers including LummaStealer. The attack chain represents a well-integrated multi-stage operation with high dwell times prior to ransomware deployment.

CYBER

CVE-2026-3888: Ubuntu Local Privilege Escalation via snap-confine + systemd-tmpfiles

⚠️

Qualys TRU disclosed CVE-2026-3888, a local privilege escalation flaw affecting default Ubuntu installations with Snap enabled. An unprivileged local attacker can exploit a race condition between snap-confine and systemd-tmpfiles to gain full root access with no user interaction required. Patch via standard apt upgrade immediately.

TOOLING

Vercel Chat SDK Gets WhatsApp + PostgreSQL; Vercel Agent Enters Beta

⚠️

Vercel’s Chat SDK expanded with a WhatsApp adapter, PostgreSQL state backend option, and a community adapter directory covering Slack, Discord, GitHub, Teams, and Telegram. Vercel Agent — an AI-powered suite for debugging production issues and accelerating code review — launched in Beta for Pro and Enterprise plans as of March 17. Vercel Flags also gained CLI management and webhook event support.

Wednesday, March 18, 2026
CYBER

Google Patches Two Chrome Zero-Days Under Active Exploitation (CVSS 8.8)

Google patched two Chrome zero-days being actively exploited. CVE-2026-3909 is an out-of-bounds write in the Skia 2D graphics library triggered via a crafted HTML page. A second V8 engine flaw was also patched. Update Chrome immediately across all endpoints.

CYBER

FortiGate Firewalls Actively Exploited for Credential Theft and NTDS Dumping

A wave of attacks is actively exploiting FortiGate firewall vulnerabilities (CVE-2025-59718/59719) to breach networks, steal credentials, and dump NTDS. Attackers leverage MITRE ATT&CK techniques including T1190, T1552.001, and T1003.003. Patch immediately or isolate management interfaces.

AI

OpenAI Releases GPT-5.4 Mini and Nano

⚠️

OpenAI launched GPT-5.4 mini and nano, smaller and faster variants of GPT-5.4. Mini nearly matches flagship performance at significantly lower cost. Nano described 76,000 photos for $52. Both are available in the API and Codex. Free ChatGPT users get mini access.

AI

Meta Releases Llama 4 Scout and Maverick

Meta released Llama 4 Scout (17B active params, 16 experts) and Maverick (17B active, 128 experts). Scout offers a 10M-token context window. Both are available on Hugging Face and are competitive with GPT-4o and Gemini 2.0 Flash on benchmarks.

CYBER

CISA KEV: n8n RCE Actively Exploited, 24,700 Instances Exposed

⚠️

CISA has flagged an actively exploited RCE vulnerability in n8n workflow automation. Over 24,700 unpatched instances remain exposed online, with 12,300+ in North America. Patched in versions 1.120.4, 1.121.1, and 1.122.0. Verify your n8n version and restrict external access.

CYBER

Hive0163 Deploys AI-Generated 'Slopoly' Malware in Ransomware Attacks

IBM X-Force confirmed threat group Hive0163 is using a novel AI-generated malware called “Slopoly” in post-exploitation phases of Interlock ransomware attacks. The malware maintained persistent access for over a week while data was exfiltrated, marking a new indicator that AI-assisted malware development is now operational in the wild.

CYBER

Starbucks Data Breach Compromises Hundreds of Employee Accounts

Starbucks disclosed unauthorized access to its “Partner Central” employee portal on or around February 6, 2026. Hundreds of employees were affected. No customer payment data was reported compromised, but corporate credential exposure is confirmed.

CYBER

Unpatched Telnetd RCE Allows Unauthenticated Root Access (CVSS 9.8)

A critical unpatched flaw in telnetd allows unauthenticated attackers to achieve root-level remote code execution via port 23 using a crafted SLC suboption during the initial protocol handshake. A related CVE (CVE-2026-24061) is confirmed active in CISA KEV. No patch is available yet. Disable telnetd immediately if exposed.

CYBER

Ubuntu Root Privilege Escalation via snap-confine Timing Race

⚠️

CVE-2026-3888 exploits a cleanup timing race condition in snap-confine, allowing an attacker with local access to gain full root on Ubuntu systems with Snap enabled. Affects all Ubuntu installations running snapd. Canonical has released patches in snapd 2.73+.

CYBER

CISA KEV: Wing FTP Server Path Disclosure Actively Exploited

CISA added Wing FTP Server flaw CVE-2025-47813 to the Known Exploited Vulnerabilities catalog. The bug leaks server paths and aids attackers in subsequent exploitation. Federal agencies must patch by March 30, 2026.

Tuesday, February 10, 2026
TOOLING

Chrome WebMCP Early Preview: Making Websites Agent-Ready

Google is standardizing how AI agents interact with the web at the browser level via WebMCP. Instead of agents scraping the DOM or clicking buttons, sites declare available actions through declarative and imperative APIs. It is currently an invite-only early preview. It could make traditional browser automation partially obsolete for adopting sites.

Friday, January 30, 2026
TOOLING

MCP vs Skills: How They Complement Each Other (SylphAI Deep Dive)

SylphAI published an analysis framing MCP (standardized service access) and Skills (packaged domain knowledge) as orthogonal, not competing. MCP has surpassed 8M downloads with 5,800+ servers. Skills provide markdown and scripts with no server process needed. The pattern validates OpenClaw’s skill architecture.

Automated intelligence pipeline · Sources scanned daily at 7:00 AM ET