VulnHub

Recent reports indicate that nearly 7.1% of skills associated with the open-source AI agent OpenClaw on the ClawHub marketplace may be exposing sensitive information such as API keys, credentials, and credit card details. This vulnerability arises from issues in the SKILL.md instructions, which guide developers on how to create and use these skills. The exposure of such critical data can lead to unauthorized access and financial fraud, impacting both developers and users who rely on these AI capabilities. It's crucial for developers to review their implementations and ensure they are safeguarding sensitive information to prevent potential exploitation. This incident serves as a reminder of the importance of secure coding practices in open-source projects.

In 2025, Proton's Data Breach Observatory reported a staggering 794 major data breaches that collectively exposed over 306 million records. These incidents primarily targeted small businesses, highlighting a significant vulnerability within this sector. The breaches varied in nature, but they all led to sensitive information being compromised, which can have dire consequences for both the businesses involved and their customers. The data exposed in these breaches could include personal information, financial details, and other confidential records, raising concerns about identity theft and fraud. This situation underscores the urgent need for small businesses to bolster their cybersecurity measures to protect against such attacks.

The House panel has approved five bills aimed at strengthening cybersecurity defenses in the energy sector. This decision follows the Department of Energy's recent Liberty Eclipse cybersecurity exercise, which evaluated the sector's readiness against cyber threats. These legislative measures are designed to enhance the security infrastructure of energy companies, which are increasingly targeted by cyberattacks. The move underscores the government's recognition of the energy sector's vulnerability and the need for improved protective measures to safeguard critical infrastructure. This legislative push is significant as it reflects ongoing concerns about the potential impact of cyber incidents on energy supplies and national security.

n8n, an open-source automation platform, is facing serious security issues due to two critical vulnerabilities that allow attackers to escape the platform's sandbox. These flaws could potentially give attackers complete control over the server and lead to the compromise of user credentials. Users of n8n should be particularly concerned as these vulnerabilities pose a high risk of server takeover. The discovery of these issues raises alarms for organizations relying on n8n for AI orchestration, highlighting the need for immediate action to secure their systems. It's crucial for affected users to stay informed and apply any necessary updates to mitigate risks.

In a recent examination of the new AirTag 2, a notable security vulnerability was discovered. An individual was able to disable the device's speaker in just two minutes using a single tool. This is significant because the speaker is essential for alerting users to the AirTag's location, which could lead to unauthorized tracking or tampering. If an attacker can easily silence the AirTag, it undermines its primary function of helping users locate lost items. This flaw raises concerns for anyone who relies on the AirTag for tracking personal belongings, as it may create opportunities for misuse. Apple's tracking devices are popular among consumers, and this discovery could lead to increased scrutiny of their security features.

A hacktivist group claims to have leaked 2.3 terabytes of data that includes personal information of 36 million Mexican citizens. According to the group, this breach may expose various details, but the Mexican government has stated that no sensitive accounts are at risk. This incident raises concerns about the security of personal data in government databases and the potential for misuse. The scale of the breach indicates a significant vulnerability, which could lead to identity theft or other malicious activities if exploited. As the situation develops, both the government and affected individuals will need to stay vigilant regarding their data security.

Recent vulnerabilities in Google Looker have raised serious concerns about security, particularly regarding cross-tenant remote code execution (RCE) and data exfiltration. Attackers could exploit these flaws to gain access to environments of other Google Cloud Platform (GCP) tenants by leveraging a compromised Looker user account. This means that sensitive data from multiple organizations could potentially be at risk, making it a significant threat for businesses relying on GCP services. The findings underscore the need for users and companies to review their security practices and ensure that they are protected against unauthorized access. As vulnerabilities like these can lead to major data breaches, prompt action is essential to safeguard sensitive information.

Wiz and Permiso have discovered significant security vulnerabilities in the Moltbook Agent Network, which is an AI agent social network. Their analysis reveals that bot-to-bot prompt injection attacks could allow malicious bots to manipulate other bots, leading to unauthorized actions or data leaks. This poses a risk to users relying on these AI agents for various tasks, as sensitive information could be compromised. The findings indicate that these vulnerabilities could be exploited by attackers to gain control over the network and access confidential data. As AI technologies become more prevalent, it is crucial for developers to address these security flaws to protect users and maintain trust in AI systems.