VulnHub

Recent reports indicate that nearly 7.1% of skills associated with the open-source AI agent OpenClaw on the ClawHub marketplace may be exposing sensitive information such as API keys, credentials, and credit card details. This vulnerability arises from issues in the SKILL.md instructions, which guide developers on how to create and use these skills. The exposure of such critical data can lead to unauthorized access and financial fraud, impacting both developers and users who rely on these AI capabilities. It's crucial for developers to review their implementations and ensure they are safeguarding sensitive information to prevent potential exploitation. This incident serves as a reminder of the importance of secure coding practices in open-source projects.

Researchers from SafeBreach have reported that an Iranian hacking group known as Infy APT has adapted its tactics by using Telegram for command and control (C2) operations. This shift comes after a period of internet restrictions imposed by the Iranian government, which has since ended, allowing the group to re-establish its online presence. The use of Telegram for C2 indicates a strategic change, making it easier for attackers to communicate and coordinate their activities while potentially evading detection. This development is concerning for organizations that may be targeted by these tactics, as it suggests a more sophisticated approach to cyber espionage and attacks. Keeping an eye on these evolving methods is crucial for cybersecurity professionals in order to protect sensitive information.

The Department of Homeland Security (DHS) is facing a privacy investigation that will focus on the use of biometric tracking by its Immigration and Customs Enforcement (ICE) and the Office of Biometric Identity Management (OBIM). Auditors have indicated that the probe might expand to other DHS components, examining how the agency utilizes biometric markers in immigration enforcement activities. This scrutiny comes as concerns grow over privacy rights and the implications of increased surveillance. The outcome of this investigation could impact DHS's practices and policies regarding biometric data collection and usage, raising questions about transparency and accountability in immigration enforcement.

Researchers have identified a significant security risk involving artificial intelligence, specifically large language models (LLMs). Attackers can embed backdoors within these models, making them hard to detect. These backdoors lie dormant until triggered by a specific phrase, at which point the model executes harmful actions. This poses a serious threat to users and organizations relying on AI for various applications, as it could lead to data breaches or misinformation. The findings highlight the need for improved security measures in AI development to prevent such vulnerabilities from being exploited.

Anthropic, an AI company, has reported that its latest Claude model has identified over 500 vulnerabilities in various software systems. These vulnerabilities were carefully validated by human researchers to ensure that no false positives slipped through. This kind of thorough analysis is crucial because it helps organizations pinpoint and address security weaknesses before they can be exploited. The findings emphasize the ongoing need for vigilance in software security, as even established systems can harbor significant vulnerabilities. Companies using affected software should take immediate steps to assess their systems and apply necessary updates or patches to mitigate potential risks.

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that all federal agencies upgrade their outdated edge devices within the next year. This initiative is in response to concerns over the security weaknesses posed by aging network infrastructure, which could leave federal systems vulnerable to cyberattacks. Experts have long warned that outdated technology can create entry points for attackers, potentially compromising sensitive government data. By enforcing this requirement, CISA aims to bolster the overall security posture of federal networks and reduce risks associated with legacy systems. The move reflects a growing recognition of the need for modern, secure technology in government operations.

Lockdown Mode is a security feature for iPhones designed to protect users from cyber attacks and prevent forensic tools from accessing data after a device is seized by authorities. This mode is particularly useful for individuals who may be at risk of targeted attacks, such as journalists, activists, or those in sensitive positions. By activating Lockdown Mode, users enhance their privacy and security, making it significantly harder for anyone to extract information from their devices. The feature gained attention after reportedly thwarting attempts by law enforcement, including the FBI, to access iPhones during investigations. This highlights the ongoing battle between personal privacy and law enforcement access to digital data, raising important questions about the balance between security and individual rights.

In 2025, Proton's Data Breach Observatory reported a staggering 794 major data breaches that collectively exposed over 306 million records. These incidents primarily targeted small businesses, highlighting a significant vulnerability within this sector. The breaches varied in nature, but they all led to sensitive information being compromised, which can have dire consequences for both the businesses involved and their customers. The data exposed in these breaches could include personal information, financial details, and other confidential records, raising concerns about identity theft and fraud. This situation underscores the urgent need for small businesses to bolster their cybersecurity measures to protect against such attacks.

Substack has confirmed that it experienced a data breach, although the company did not disclose how many users were affected. While the details surrounding the breach remain limited, Substack mentioned that only a small amount of user data was compromised. This incident raises concerns about the security of users' personal information on the platform, especially given the growing number of breaches affecting online services. Users of Substack should remain vigilant, as data breaches can lead to phishing attempts and other security risks. The lack of specific details about the breach leaves many questions unanswered, particularly regarding what types of data were compromised and how the breach occurred.

Security researchers have identified several significant vulnerabilities within the OpenClaw AI assistant that complicate its safe use. Users reported that malicious 'skills' could be installed, potentially leading to unauthorized access or misuse of the assistant's capabilities. Additionally, the configuration settings for the application are described as finicky, making it difficult for users to ensure secure setups. These issues raise concerns for both individual users and organizations considering using OpenClaw, as they could expose sensitive data and create security risks. Proper attention to these vulnerabilities is crucial to protect users and maintain trust in AI technologies.