Find notable cyber news and cases, enriched with sources, timelines, and signals.

MemGhost stealth memory injection against OpenClaw personal agents

Technical Analysis
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

Researchers demonstrated MemGhost, a one-email prompt-injection technique that can plant a persistent false memory in OpenClaw-style personal agents, letting an attacker steer later-session answers without visible consent. The lab results show the attack can survive into future sessions and remain hidden, raising the risk of durable context poisoning in agents that read inboxes and write their own memory files.

Related Happenings

OpenClaw message-object prompt injection patched in 2026.4.23 security flaw

Vulnerability
H score15 First: 11.06.2026 20:46 Last: 11.06.2026 20:46 Sources 1

About this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...

SHub Reaper macOS infostealer variant

Malware Activity
H score23 First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The **SHub Reaper** macOS infostealer now uses **AppleScript** and a fake **Apple security update** lure to infect Macs, raising the risk of credential theft and remote access. It...

DEEP#DOOR Python backdoor framework

Malware Activity
H score28 First: 30.04.2026 15:36 Last: 30.04.2026 15:36 Sources 1

About this happening: **DEEP#DOOR** is a newly disclosed **Python-based backdoor framework** that can keep **persistent access** to compromised Windows hosts while stealing browser, SSH, and cloud cred...

Indirect prompt injection payloads against AI agents reveal fraud, deletion, and secret-theft paths

Technical Analysis
H score20 First: 23.04.2026 12:30 Last: 23.04.2026 12:30 Sources 1

About this happening: **10** new **indirect prompt injection (IPI)** payloads show how web content poisoning can coerce **AI agents** into **financial fraud**, **data destruction**, and **API key theft...

OpenClaw hardening guidance (CNCERT)

Advisory/Mitigation
H score24 First: 14.03.2026 18:17 Last: 14.03.2026 18:17 Sources 1

About this happening: China's **CNCERT** issued mitigation guidance for **OpenClaw**, warning that weak defaults and privileged access could let attackers seize endpoints, leak data, or trigger destruc...

Timeline

  1. 13.07.2026 16:49 2 articles · 9h ago

    MemGhost lands on arXiv with one-email persistent memory poisoning attack

    Initial Disclosure

    MemGhost, described as stealth memory injection, shows how one email can make an OpenClaw-style agent save a false persistent memory, hide the write, and later steer answers in fresh sessions. The paper landed on arXiv on 6 July 2026 and reported 56 fresh test cases, 87.5% success against OpenClaw on GPT-5.4, and 71.4% against a Claude Code SDK agent on Sonnet 4.6.

    Show sources
  2. 13.07.2026 16:49 1 articles · 9h ago

    OpenClaw weighs provenance, audit logs, and confirmation prompts for memory writes

    Mitigation Patch Update

    OpenClaw said it is weighing memory-write controls for external content, including provenance, audit logs, and confirmation prompts, and its guidance recommends routing untrusted email through a separate reader agent stripped of memory, file, and shell tools before passing only a summary to the main agent. The researchers argue the durable-memory fix should live inside the agent through source tagging, user confirmation before memory writes, and logging every write.

    Show sources