Tag: control
-
15,200 OpenClaw Control Panels Exposed Online with Full System Access
A critical security oversight has left thousands of AI agents wide open to the public internet. 15,200 instances of the OpenClaw AI framework (formerly Clawdbot and Moltbot) are vulnerable to remote takeover. The STRIKE team used internet-wide reconnaissance, including favicon fingerprinting, to identify approximately 42,900 unique IP addresses hosting OpenClaw control panels across 82 countries.…
-
How to govern agentic AI so as not to lose control
assisting and start acting. We will witness a qualitative leap towards agent-based or agentive AI, capable of making autonomous decisions, managing complex workflows, and executing end-to-end tasks without constant intervention. However, this autonomy carries with it a serious warning for businesses: the ability to operate alone exponentially multiplies the impact of any error or security…
-
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Difference are ‘stark’: Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark.”When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk…
-
Anthropic’s DXT poses “critical RCE vulnerability” by running with full system privileges
Difference are ‘stark’: Principal AI Security Researcher at LayerX Security Roy Paz said that he tested DXT against Perplexity’s Comet, OpenAI’s Atlas, and Microsoft’s CoPilot, and the differences were stark.”When you ask Copilot, Atlas, or Perplexity to use a tool, then it will use that tool for you. But Claude DXT allows tools to talk…
-
Admin Rights Are a Vulnerability, Not an Enabler
Enabling Practical Endpoint Control Without Productivity Trade-offs Removing local admin rights often creates helpdesk and user friction. An identity-first model reduces risk while keeping business operational. Join CyberArk’s practical webinar session to learn how identity-first endpoint control replaces standing admin rights with just-in-time access. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/admin-rights-are-vulnerability-enabler-p-4039
-
How Banks Can Limit Losses From First-Party Fraud
Cadence Bank’s Brent Phillips Focuses on Controls for Online Account Opening. Financial institutions face rising losses from first-party fraud schemes that begin with online account opening. One of the most effective ways to reduce exposure involves practical, risk-based controls that limit how much trust new customers receive before their behavior can be established. First seen…
-
US bid for Dutch ID infrastructure raises sovereignty concerns
Kyndryl’s proposed takeover shows how critical systems become exposed to foreign control without an overarching policy decision First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638606/US-bid-for-Dutch-ID-infrastructure-raises-sovereignty-concerns
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
Never settle: How CISOs can go beyond compliance standards to better protect their organizations
Tags: ai, awareness, breach, ciso, compliance, computing, control, cybersecurity, finance, risk, risk-assessment, risk-management, software, strategy, threat, training, vulnerabilityThe new North Star for CISOs: Accounting for emerging risk: We’ve established that it’s no longer good enough to overfit into a compliance standard, but you can still use compliance to your advantage.Most compliance programs mandate an information security risk assessment and, at a larger company, you may already have a dedicated enterprise risk management…
-
Schrödinger’s cat and the enterprise security paradox
Tags: control, cybersecurity, detection, exploit, framework, identity, intelligence, jobs, metric, penetration-testing, RedTeam, resilience, risk, siem, strategy, threat, tooland compromised. The dashboards might be green and the audit reports reassuring, but the uncomfortable reality is that you do not know your actual state until you observe it directly and often. Many readers will have heard of Schrödinger’s cat in passing, but the details blur over time, so it is worth revisiting what the…
-
Schrödinger’s cat and the enterprise security paradox
Tags: control, cybersecurity, detection, exploit, framework, identity, intelligence, jobs, metric, penetration-testing, RedTeam, resilience, risk, siem, strategy, threat, tooland compromised. The dashboards might be green and the audit reports reassuring, but the uncomfortable reality is that you do not know your actual state until you observe it directly and often. Many readers will have heard of Schrödinger’s cat in passing, but the details blur over time, so it is worth revisiting what the…
-
NIS2: Supply chains as a risk factor
Why supply chains are particularly vulnerable: The supply chain is an attractive target for attackers for several reasons. External partners often have privileged access, work with sensitive data, or are deeply integrated into operational processes. At the same time, they are often not subject to the same security standards as large organizations.Furthermore, there is a structural lack…
-
AI agents behave like users, but don’t follow the same rules
Security and governance approaches to autonomous AI agents rely on static credentials, inconsistent controls, and limited visibility. Securing these agents requires the same … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/09/securing-autonomous-ai-agents-rules/
-
DKnife toolkit abuses routers to spy and deliver malware since 2019
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…
-
Moltbook Gave Everyone Control of Every AI Agent
Database Misconfiguration Exposed 1.5 million API Tokens. A misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses, and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/moltbook-gave-everyone-control-every-ai-agent-a-30710
-
Six more vulnerabilities found in n8n automation platform
CVE-2026-21893, a command injection hole in the community edition of n8n. An unauthenticated user with administration permission could execute arbitrary system commands on the n8n host.”The risk is amplified by the trust typically placed in community extensions,” Upwinds said in its commentary, “making this a high-impact attack path that directly bridges application-level functionality with host-level…
-
TeamPCP and the Rise of Cloud-Native Cybercrime
Flare researchers report that TeamPCP is abusing exposed cloud control planes to run large-scale, automated exploitation campaigns. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teampcp-and-the-rise-of-cloud-native-cybercrime/
-
Poland’s energy control systems were breached through exposed VPN access
On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/06/poland-cyberattacks-energy-sector-industrial-organizations/
-
Zscaler extends zero-trust security to browsers with SquareX acquisition
Tags: access, ai, ceo, ciso, control, crowdstrike, cybersecurity, edr, endpoint, least-privilege, network, risk, service, strategy, tool, vpn, zero-trustA win-win for customers?: Zscaler has acknowledged that browser runtime behaviour was a missing piece in its zero-trust security, and having SquareX solution in its portfolio can help fill the gap, noted Gogia.For Zscaler customers, this acquisition would mean browser security is no longer an afterthought or a separate tool to evaluate but a native…
-
How Samsung Knox Helps Stop Your Network Security Breach
As you know, enterprise network security has undergone significant evolution over the past decade. Firewalls have become more intelligent, threat detection methods have advanced, and access controls are now more detailed. However (and it’s a big “however”), the increasing use of mobile devices in business operations necessitates network security measures that are specifically First seen…
-
Phishing and OAuth Token Vulnerabilities Lead to Full Microsoft 365 Breach
Two medium-severity vulnerabilities, an unsecured email API endpoint and verbose error messages exposing OAuth tokens, chain together to enable authenticated phishing that bypasses all email security controls, persistent access to Microsoft 365 environments While protocols like SPF, DKIM, and DMARC have made traditional domain spoofing difficult, attackers have evolved. They now seek ways to send…
-
Hackers Exploit Windows Screensaver to Deploy RMM Tools, Gain Remote Access
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) software to establish persistent control over targeted systems. The campaign utilizes a simple yet effective delivery mechanism designed to evade reputation-based…
-
Hackers Exploit Windows Screensaver to Deploy RMM Tools, Gain Remote Access
A new spear phishing campaign that weaponizes a forgotten file type to bypass modern defenses. Attackers are luring victims into downloading Windows screensaver (.scr) files, which silently deploy legitimate Remote Monitoring and Management (RMM) software to establish persistent control over targeted systems. The campaign utilizes a simple yet effective delivery mechanism designed to evade reputation-based…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…