For more than a month, security practitioners have been warning about the perils of using OpenClaw, the viral AI agentic tool that has taken the development community by storm. A recently fixed vulnerability provides an object lesson for why.

OpenClaw, which was introduced in November and now boasts 347,000 stars on Github, by design takes control of a user’s computer and interacts with other apps and platforms to assist with a host of tasks, including organizing files, doing research, and shopping online. To be useful, it needs access—and lots of it—to as many resources as possible. Telegram, Discord, Slack, local and shared network files, accounts, and logged in sessions are only some of the intended resources. Once the access is given, OpenClaw is designed to act precisely as the user would, with the same broad permissions and capabilities.

Severe impact

Earlier this week, OpenClaw developers released security patches for three high-severity vulnerabilities. The severity rating of one in particular, CVE-2026-33579 , is rated from 8.1 to 9.8 out of a possible 10 depending on the metric used—and for good reason. It allows anyone with pairing privileges (the lowest-level permission) to gain administrative status. With that, the attacker has control of whatever resources the OpenClaw instance does.

Read full article

Comments

A Rome court has ruled that the price hikes Netflix imposed on subscribers in Italy in 2017, 2019, 2021, and 2024 were unlawful. The court ordered Netflix to refund affected customers by up to 500 euros (about $576), depending on their plan.

The lawsuit was brought by Italian consumer advocacy group Movimento Consumatori, which alleged that the price hikes violate the Consumer Code, Italian legislation that aims to protect consumer rights. The Consumer Code says it's unlawful for a “professional to unilaterally modify the clauses of the contract, or the characteristics of the product or service to be provided, without a justified reason indicated in the contract itself,” according to a Google-provided translation.

The court’s April 1 ruling determined that Netflix's contracts were required to explain in advance why prices or other terms might change in the future.

Read full article

Comments

With the war in the Persian Gulf now more than a month old, the effect on fuel prices is plain to see: On average, they're up almost a dollar per gallon, or 25 percent, according to AAA . For a nation as addicted to the automotive as we are, that's bad news. Except, of course, for electric vehicles.

The last half year has been rough for EV adoption here in the US. At the end of last September, the Trump administration abolished the federal tax credit for both new and used EVs, one of a series of policies that has disincentivized automakers to build EVs and consumers to buy them. Battery factories have been cancelled or repurposed , and EV lineups have been slashed as OEMs write down billions of dollars in the process.

Some analysts have predicted a particularly grim Q1 2026. Cox Automotive, for example, forecast a 6.5 percent overall decrease in new car sales for the first three months of the year but a 28 percent decrease in EV sales for the same period. Without sustained high fuel prices, Stephanie Valdez Streaty, Cox's director of industry insights, expects people to make fewer trips. "To materially change buying behavior and drive a trend toward smaller, more efficient vehicles, consumers would need to believe gas prices will remain elevated for years, not just months," Cox said .

Read full article

Comments

Perplexity's AI search engine encourages users to go deeper with their prompts by engaging in chat sessions that a lawsuit has alleged are often shared in their entirety with Google and Meta without users' knowledge or consent.

"This happened to every user regardless of whether or not they signed up for a Perplexity account," the lawsuit alleged, while stressing that "enormous volumes of sensitive information from both subscribed and non-subscribed users" are shared.

Using developer tools, the lawsuit found that opening prompts are always shared, as are any follow-up questions the search engine asks that a user clicks on. Privacy concerns are seemingly worse for non-subscribed users, the complaint alleged. Their initial prompts are shared with "a URL through which the entire conversation may be accessed by third parties like Meta and Google."

Read full article

Comments

Starlink operator SpaceX claims that Amazon violated orbital debris requirements by launching satellites into initial altitudes that are too high, increasing the risk of collision with other satellites and spacecraft. SpaceX, which recently reported two Starlink satellite failures that created new space debris, yesterday accused Amazon and its launch partner Arianespace of negligence that "needlessly and significantly increases risk to other operational systems and inhabited spacecraft."

Amazon Leo, formerly known as Kuiper Systems, is launching satellites into low-Earth orbits (LEO) to compete against Starlink's much larger constellation of broadband satellites. Amazon denied that its launch altitudes violate any requirements or impose a safety risk and said SpaceX itself helped Amazon launch satellites into a similar altitude last year when Amazon used SpaceX as a launch partner.

SpaceX only objected to the launch parameters after moving its Starlink satellites into nearby altitudes, Amazon said. Changing the altitude of a recent Leo launch would have delayed it by months, according to Amazon. Both Amazon and SpaceX have accused each other of using FCC proceedings to delay the other's satellite launches at various times over the years.

Read full article

Comments

OpenAI might be pulling back on video generation, but Google is forging ahead with a major AI update to its Vids editing product. The company's latest video and audio models are now integrated with the tool, and you can choose from various controllable avatars to appear in generated videos. Your creations are also easier to share on YouTube now.

Veo 3.1 is the biggest part of the Vids upgrade. Google first deployed this updated model in Gemini late last year , promising a substantial improvement in realism and consistency. While Google has pitched Veo as a tool for filmmakers, that's not how it positions Vids. Google suggests using the AI tools in Vids to create animated party flyers, business sizzle reels, or a video greeting card. You can use Vids for free, but you won't be able to generate very many videos without an AI subscription.

If you're not paying for any AI access on your account, you only get 10 video generations per month. AI Pro subscribers can get 50 videos, and those paying for Google's spendy AI Ultra plan (either personal or enterprise) get 1,000 videos per month. Like most other Veo implementations, the videos are eight seconds long and 720p resolution.

Read full article

Comments

Octopuses are one of the most alien creatures on Earth. The lack of bones makes them amazing shapeshifters, most of them can change color like chameleons, and they pump blue copper-based blood through their bodies using three distinct hearts. They rely on a decentralized nervous system, where two-thirds of their neurons reside in their arms, allowing each limb to independently taste, touch, and make decisions for itself.

Now, a team of scientists led by Pablo S. Villar, a molecular biologist at Harvard University, for the first time took a close look at octopuses' sex life. It turned out it was just as weird.

Love in the dark

The deep ocean is a challenging place to find a partner, especially since octopuses are solitary animals that wander the seafloor alone, mating only during highly infrequent encounters. The exact mechanics of their reproduction when they do find each other have long puzzled biologists. We knew that male octopuses don't rely on flashy plumage or complex mating calls and that they use a specialized appendage called the hectocotylus—basically a modified tentacle—to identify females.

Read full article

Comments

The details of how animal life began are a bit murky. Most of the groups familiar today are present in the Cambrian, a period when they rapidly diversified, with familiar features evolving alongside bizarre creatures with no obvious modern equivalents. There are hints that some forms of present animal life predated the Cambrian. But most of the organisms we've found in Ediacaran deposits have no obvious relationship to anything we're familiar with.

The complete absence of these creatures in later strata suggest they might have vanished in a mass-extinction event that cleared the way for the explosion of Cambrian species. But a new series of fossils found at a site in China includes examples of groups that flourished in the Cambrian living side-by-side with a few Ediacaran species. The deposits suggest that there might have been a gradual shift into the Cambrian.

Ediacaran and more

The newly described fossils, described by a team from Yunnan University and Oxford University, come from just south of Kunming, near Fuxian Lake. The rocks they're in are part of the larger Dengying Formation, within a segment that's known to include deposits from the Edicaran, which ranged from 635 to 540 million years ago. They come from close to the end of the period, only about 7 million years before the first clearly Cambrian deposits.

Read full article

Comments

The cost of high-performance GPUs, typically $8,000 or more, means they are frequently shared among dozens of users in cloud environments. Two new attacks demonstrate how a malicious user can gain full root control of a host machine by performing novel Rowhammer attacks on high-performance GPU cards made by Nvidia.

The attacks exploit memory hardware’s increasing susceptibility to bit flips, in which 0s stored in memory switch to 1s and vice versa. In 2014 , researchers first demonstrated that repeated, rapid access—or “hammering”—of memory hardware known as DRAM creates electrical disturbances that flip bits. A year later , a different research team showed that by targeting specific DRAM rows storing sensitive data, an attacker could exploit the phenomenon to escalate an unprivileged user to root or evade security sandbox protections. Both attacks targeted DDR3 generations of DRAM.

From CPU to GPU: Rowhammer's decade-long journey

Over the past decade, dozens of newer Rowhammer attacks have evolved to, among other things:

Read full article

Comments