China has seen a rapid, real-world surge of interest in OpenClaw — an open-source AI agent that can run autonomously on personal devices — and that surge has produced a small but booming service economy of installers, preconfigured devices, and paid support. This post summarizes reported facts about how OpenClaw spread, who is profiting, what services are being offered, and
Zombie ZIP: How Malformed Archives Can Hide Malware from Security Scanners
A new archive-manipulation technique called “Zombie ZIP” lets attackers conceal payloads inside ZIP files in a way that can evade many antivirus and endpoint detection solutions. The method was described by security researcher Chris Aziz of Bombadil Systems and has drawn warnings from CERT/CC and the wider security community. This post explains how Zombie ZIP works, what research and evidence
Microsoft .NET Out-of-Bounds Read (CVE-2026-26127) Causes Remote Denial-of-Service Risk
Microsoft has issued an emergency security update to address a newly disclosed vulnerability in the .NET ecosystem that can be triggered remotely and results in denial-of-service (DoS) conditions. The flaw, tracked as CVE-2026-26127, affects multiple .NET runtime and package versions across Windows, macOS, and Linux. Administrators and developers should prioritize applying the available patches to prevent service disruption. What the
Microsoft Copilot Cowork: Automating Multi-Step Workflows Inside Microsoft 365
Microsoft announced Copilot Cowork as a new Copilot capability for Microsoft 365 that moves beyond single-response assistance to plan-and-execute workflows across Microsoft 365 apps and files. Cowork converts a user’s intent into a structured plan, runs the plan across supported apps and data sources, and surfaces checkpoints that require user confirmation before applying changes. The feature is positioned to operate
Introducing the Azure Skills Plugin: Practical Azure Workflows for Coding Agents
The Azure Skills Plugin brings curated Azure expertise and an execution layer together so coding agents can do more than offer generic guidance. Rather than just suggesting commands or linking to documentation, the plugin packages decision logic (skills) and structured tools (MCP servers) so agents can reason about workflows and, when appropriate, run actions against real Azure resources. What the
Title: Zero-Day on the Market: $220K Exploit Targets Windows Remote Desktop Services (CVE-2026-21533)
Remote Desktop Services (RDS) has come under renewed scrutiny after reports that a working exploit for CVE-2026-21533 — an elevation-of-privilege vulnerability in Windows Remote Desktop Services — was listed for sale on a dark web forum for $220,000. The listing and surrounding reporting are factual and straightforward: a recently created account advertised a claimed zero-day exploit, observers recorded the posting,