This week's Wild West roundup is a doozy:

2026-03-09 · Bits and Bobs 3/9/26

This week's Wild West roundup is a doozy:
- Clinejection: A GitHub Issue Title Compromised 4,000 Developer Machines.
  - Simon's write up is also worth reading.
- Zenity Labs Discloses PleaseFix Vulnerability Family in Perplexity Comet and Other Agentic Browsers
  - "we hijacked perplexity comet by sending a weaponized calendar invite
  - then used it to takeover victim's 1p account and exfil their local files
  - call it pleasefix. like clickfix, but instead of social eng'ing a human you just ask their ai real nicely"
- PerplexedBrowser: Perplexity's Agent Browser Can Leak Your PC's Local Files.
- BlackBoxAI: AI Agent can get your computer fully compromised.
- MS-Agent Vulnerability Let Attackers Hijack AI Agent to Gain Full System Control.
- Invisible Threats: Source Code Exfiltration in Google Antigravity.
- hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far
  - Also covered in this Twitter post: trust your inputs, lose your repo.
- Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer.
- OpenClaw Vulnerability: Website-to-Local Agent Takeover.
- Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild.
- Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel.
- An OpenClaw Agent Published a Firm's Internal Threat Intelligence to the Open Web - It Was Doing Exactly What It Was Told.

More on this topic

From other episodes