WordPressプラグインAllyにSQLインジェクションの脆弱性、25万サイトにリスク

Researchers analyzing 10 million web pages have identified 1,748 active API credentials from 14 major providers exposed across nearly 10,000 websites, including those run by banks and healthcare providers. These leaks could enable attackers to access sensitive data or gain control over digital infrastructure. Nurullah Demir of Stanford University described the issue as very significant, affecting even major companies.

2026年04月22日(水) AIによるレポート

Microsoft has released an emergency patch for a high-severity vulnerability in its ASP.NET Core framework, affecting macOS and Linux applications. Tracked as CVE-2026-40372, the flaw allows unauthenticated attackers to gain SYSTEM privileges through forged authentication payloads. The company advises immediate updates and key rotation to fully mitigate risks.

Infostealer malware has targeted OpenClaw AI agents for the first time, according to a TechRadar report. The incident highlights vulnerabilities in locally deployed AI systems that store sensitive information. The article was published on February 17, 2026.

2026年04月03日(金) AIによるレポート

Developers of the popular AI tool OpenClaw released patches for three high-severity vulnerabilities, including one that allowed attackers with basic pairing privileges to silently gain full administrative control. The flaw, tracked as CVE-2026-33579 and rated up to 9.8 out of 10 in severity, has raised alarms among security experts. Thousands of exposed instances may have been compromised unknowingly.