I’m taking a data security posture management (DSPM) certificate course, and I’m having a real hard time with the notion that the top maturity level is basically “add #AI for continuous management!”

The data destruction piece literally says, “At Level 5, organizations fully eliminate manual intervention in data destruction, relying on AI-powered automation to refine policies, enforce compliance, and manage security risks dynamically.”

Yeah, that sounds nice, but then I look at the stories like how #claude AI deleted the #pocketOS database, or how #OpenClaw deleted the mailbox of the Director of Safety and Alignment at #Meta.

We need humans in the loop. And we need to ask ourselves what benefits we’re getting by introducing non-deterministic LLMs and AIs into #compliance processes that should be precise.

CVE Alert: CVE-2026-45223 - openclaw - crabbox - RedPacket Security

Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function

RedPacket Security
CVE Alert: CVE-2026-8305 - n/a - OpenClaw - RedPacket Security

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file

CVE Alert: CVE-2026-45006 - OpenClaw - OpenClaw - RedPacket Security

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows

CVE Alert: CVE-2026-45224 - openclaw - crabbox - RedPacket Security

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or

CVE Alert: CVE-2026-45004 - OpenClaw - OpenClaw - RedPacket Security

OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd()

CVE Alert: CVE-2026-45001 - OpenClaw - OpenClaw - RedPacket Security

OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect

CVE Alert: CVE-2026-44995 - OpenClaw - OpenClaw - RedPacket Security

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to

#OpenClaw has been a game changer if you know how to leverage it effectively. Most people don't.

The Guardian | AI-powered hacking has exploded into industrial-scale threat, Google says by Aisha Down and Dan Milmo

AI-generated summary. Read the full article for complete information.

In a recent Google threat‑intelligence report, AI‑powered hacking is already an industrial‑scale threat, with criminal groups and state‑linked actors from China, North Korea and Russia leveraging commercial large‑language models such as Gemini, Claude and OpenAI tools to accelerate, scale and sophisticate attacks—including faster malware development, persistence, and zero‑day exploitation. Google’s chief analyst John Hultquist says the “AI vulnerability race” has begun, noting that AI lets threat actors test operations, refine exploits and launch mass‑exploitation campaigns, as illustrated by a group on the brink of using a non‑Mythos LLM for a large‑scale zero‑day attack. Anthropic’s decision to withhold its Mythos model after it uncovered pervasive zero‑day flaws underscores the danger, while experts like UCL’s Steven Murdoch warn AI is reshaping vulnerability discovery. Meanwhile, the Ada Lovelace Institute cautions that public‑sector productivity gains touted for AI may rest on untested assumptions, urging more rigorous, long‑term evaluation of AI’s real impact.

Read more: https://www.theguardian.com/technology/2026/may/11/ai-powered-hacking-industrial-scale-threat-three-months-google

#Google #Anthropic #OpenAI #JohnHultquist #Gemini #Claude #Mythos #OpenClaw #AdaLovelace #UKgovernment #aiartificialintelligence #business #cybercrime #cyberwar #hacking #technology

AI-powered hacking has exploded into industrial-scale threat, Google says

Criminal groups and state-linked actors appear to be using commercial models to refine and scale up attacks
