Microsoft's March 2026 Patch Tuesday fixes 84 vulnerabilities including a CVSS 9.8 RCE discovered by XBOW's autonomous AI agent, an Azure MCP Server SSRF, and an Excel XSS that hijacks Copilot to exfiltrate data.
Chinese authorities ordered government agencies and state-owned banks to remove or restrict OpenClaw, citing security risks from the AI agent's autonomous operation and broad data access.
OpenAI launches Codex Security in research preview, scanning 1.2M commits and finding 11,353 critical and high-severity vulnerabilities. The AI vulnerability arms race is officially on.
A security researcher found that the mcp-kali-server package - shipped in Kali's official repos - interpolates AI-supplied parameters directly into shell commands with shell=True, enabling trivial arbitrary command execution.
Kali Linux's new Claude AI integration funnels scan results, target IPs, and discovered vulnerabilities through Anthropic's cloud API, and the guide's only privacy note is a parenthetical shrug.
OpenClaw ships with authentication disabled and binds to all interfaces. This step-by-step guide covers every hardening measure you need - from authentication and sandboxing to MCP security and network isolation - backed by real CVEs and security research.
