Threat model escalation: AI agent runtimes.
OpenClaw patched “ClawJacked,” a localhost WebSocket hijack enabling:
• Admin-level agent takeover
• Configuration exfiltration
• Log enumeration
• Integrated system abuse
Additional risks documented across the ecosystem:
– Log poisoning → indirect prompt injection
– CVEs spanning RCE, SSRF, auth bypass
– Marketplace-delivered malware (Atomic Stealer)
– Agent-to-agent crypto scams
Microsoft guidance: treat OpenClaw as untrusted code execution with persistent credentials. Deploy in isolated VMs. Avoid sensitive data exposure.
Core lesson:
Agentic systems expand blast radius due to cross-tool integrations and credential persistence.

Question for defenders:
Are AI runtimes included in your EDR, credential rotation, and segmentation policies?

Source: https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html

Engage below.
Follow TechNadu for advanced AI security analysis.
Repost to amplify awareness.

#Infosec #AIsecurity #OpenClaw #ClawJacked #ThreatModeling #ZeroTrust #CredentialManagement #SupplyChainSecurity #AgenticAI #CyberDefense #EDR #SecurityResearch

Passbolt 5.8 is now live!
Admins can now define additional roles in RBAC, users can be added to groups via drag & drop from the Users & Groups workspace, alongside maintenance updates.
Learn more: https://hubs.li/Q03YRJ7n0

#PasswordManager #OpenSource #CyberSecurity #CredentialManagement

Passbolt 5.7 is now live!
You can now access previous secret versions, quickly identify users requiring action, remove someone from a group without ambiguity, and review cleaner import reports, alongside optimisations and autofill fixes.

Learn more: https://hubs.li/Q03TK0_D0
#PasswordManager #OpenSource #CyberSecurity #CredentialManagement

I got some call from a random number. It was a guy who claimed my number had dialed him. I assured him I had made no such call. He didn't believe me. He felt I was a telemarketer, and as such, invited me to meet him so I could get the "beating I deserve". I politely declined his offer and bid him adieu.

But, I share his displeasure with telemarketers. And I note that frequently they come from what appears to be local numbers, even if it's clearly from an overseas caller. So, I do wonder if my number was actually portrayed by a telemarketer to this gentleman. Does anyone know how such a thing may work? And what can be done to prevent such a possibility?

I checked my phone's settings, and found that my phone is encrypted. But, I also found, under "credential storage", that a whack of oddball entities are listed as having "trusted credentials" (see image -- it goes on much longer than the screenshot). Anyone else have a similar list? I note there is the option to "clear credentials", but I don't know if this is wise to do.

I use LineageOS 22.2 (Android 15).

#tech #android #lineage #credentialmanagement #telemarketers #phone #Mobiles

Oracle Cloud leak is a wake-up call—CISA warns that hard-coded credentials could be an open invitation for hackers. Is your cloud secure? Dive into the details and learn how to protect your data.

https://thedefendopsdiaries.com/understanding-the-oracle-cloud-breach-cisas-guidance-and-recommendations/

#oraclecloudbreach #cisa #datasecurity #cloudsecurity #credentialmanagement

Understanding the Oracle Cloud Breach: CISA's Guidance and Recommendations

Explore CISA's guidance on mitigating risks from the Oracle Cloud breach, focusing on credential management and security measures.


IMPORTANT: Passbolt v5 will require minimum PHP 8.2. Now’s the time to prepare for the upgrade! The guide is posted in our Weblog to help you with the process: https://www.passbolt.com/blog/preparing-for-passbolt-v5-php-8-2-requirement.

#OpenSource #PassboltV5 #CredentialManagement

Preparing for Passbolt v5: PHP 8.2 Requirement

Prepare your passbolt instance for the upcoming v5 release with its new PHP 8.2 requirement. This article explains why we're upgrading, which distributions are affected, and provides straightforward migration strategies to ensure your credentials management system stays secure and up-to-date.


Passbolt is heading to Forum INCYBER Europe (FIC) from April 1-3, in Lille, France!

Our team will be showcasing how open source credential management empowers teams with granular sharing, customizable access rights, and a privacy-first approach.

Our booth will be in F9 areas alongside Ebrand, CNPD, Luxtrust and more.

Come meet the team and you could walk away with some cool freebies.

See you there!

Details here: https://europe.forum-incyber.com/

#InCyberForum #FIC #CredentialManagement

FORUM INCYBER – EUROPE – Forum International de la Cybersécurité – EUROPE. The InCyber Forum is the leading event in Europe on digital security issues.

Explaining the difference between KeePass and passbolt.

See the full comparison between the two solutions: https://hubs.li/Q02T2wnK0
Watch the video: https://youtu.be/Sg_W61wqhCg

#OpenSource #CredentialManagement #TeamCollaboration #GranularSharing

Passbolt vs. KeePass: A Detailed Features Comparison

Why do dynamic teams choose passbolt over KeePass? This guide explores the key differences between these two open source password managers.


Explaining passbolt's “password expiry” feature.

Learn more about this feature in:
Blog article: https://hubs.li/Q02kQTDp0
Video: https://youtube.com/shorts/tk6GvphDxN0

#OpenSource #CredentialManagement #PasswordExpiry #TeamCollaboration

Passbolt’s New Automation of Shared Passwords Expiry

Passbolt’s latest Password Expiry feature is a straightforward and effective tool to improve the security of your shared passwords.


This funding will enable us to accelerate product development, scale global operations, and further address the complex security and regulatory needs of modern organizations.

Thank you Expon Capital’s Digital Tech Fund, ScaleFund, Seeder, Dedicated, BondiCapital, Christophe Bianco, Xavier Buck, Carricha Capital, LBAN

#OpenSource #Funding #TeamCollaboration #CredentialManagement