#OSINT, #BugBounty, #Pentesting, #CyberSecurity, #Infosec, #OriginServer, #CDNDetection, #DNSHistory, #SSLForensics, #FaviconFingerprinting, #AttackSurface, #InfrastructureAnalysis, #WebSecurity, #NetworkReconnaissance, #ThreatIntelligence, #SecurityResearch, #CloudSecurity, #ServerDiscovery, #DigitalForensics, #VulnerabilityAssessment

New Product

https://shoppy.gg/product/PvKQaT9

To fix this, the origin server should be restricted to accept traffic only from Cloudflare IP ranges.

Real log

Hacking AI Agents for $20,000
This article outlines a systematic approach to mastering AI application security, consisting of three phases: Understanding current AI models and their architecture, learning to steer language models through prompting, and studying AI attack scenarios with real payloads. The article provides guidance for each phase, including practical payload collections for testing. This article focuses on large language models (LLMs) as the core technology behind AI applications, capable of processing various media types. The lack of proper AI security can lead to vulnerabilities exploitation. Key lesson: Developing a systematic understanding of AI models and attack scenarios is essential for identifying and mitigating vulnerabilities. #BugBounty #AI #ArtificialIntelligence #SecurityResearch

https://anontriager.medium.com/hacking-ai-agents-for-20-000-15436be41eb9?source=rss------bug_bounty-5

https://winbuzzer.com/2026/03/07/google-safe-browsing-missed-84-percent-phishing-sites-xcxwbn/

Google Safe Browsing Missed 84% of Phishing Sites

#Google #GoogleChrome #GoogleSafeBrowsing #WebBrowsers #PhishingAttacks #Cybersecurity #Cybercrime #Hackers #Malware #ThreatIntelligence #SecurityResearch #SecurityThreats #SecurityFlaws

📣💫 The 5th episode of #AIUnplugged is available on our YouTube channel !

The series explores how AI is already being used across industries globally – in business, research, humanitarian action, government, and planning.

🔎🛡 This week, we’re diving into #AI and #cybersecurity with Kathrin Grosse, research scientist at #IBMResearch Zurich. Her work focuses on bridging the gap between AI #SecurityResearch and the problems that AI users face every day.

https://www.youtube.com/watch?v=9owXkv3vSG4

Threat model escalation: AI agent runtimes.
OpenClaw patched “ClawJacked,” a localhost WebSocket hijack enabling:
• Admin-level agent takeover
• Configuration exfiltration
• Log enumeration
• Integrated system abuse
Additional risks documented across the ecosystem:
– Log poisoning → indirect prompt injection
– CVEs spanning RCE, SSRF, auth bypass
– Marketplace-delivered malware (Atomic Stealer)
– Agent-to-agent crypto scams
Microsoft guidance: treat OpenClaw as untrusted code execution with persistent credentials. Deploy in isolated VMs. Avoid sensitive data exposure.
Core lesson:
Agentic systems expand blast radius due to cross-tool integrations and credential persistence.

Question for defenders:
Are AI runtimes included in your EDR, credential rotation, and segmentation policies?

Source: https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html

Engage below.
Follow TechNadu for advanced AI security analysis.
Repost to amplify awareness.

#Infosec #AIsecurity #OpenClaw #ClawJacked #ThreatModeling #ZeroTrust #CredentialManagement #SupplyChainSecurity #AgenticAI #CyberDefense #EDR #SecurityResearch

Meta initiates coordinated legal action targeting cross-border scam advertisers operating from Brazil, China, Vietnam.

Threat vectors observed:
• Celeb-bait campaigns leveraging synthetic media
• AI-assisted investment fraud funnels
• Cloaking to bypass ad review
• DNS manipulation via shadow resolvers
• HTTP-based traffic distribution systems
• Push notification abuse targeting Android Chrome
• Law firm impersonation clusters
Investigative findings indicate high advertiser concentration and shared infrastructure — suggesting organized, scalable fraud operations.

The enforcement move signals increasing willingness by platforms to pursue civil litigation alongside technical disruption.
From a defensive standpoint, what additional telemetry or cross-platform coordination is needed to meaningfully suppress these ecosystems?

Source: https://thehackernews.com/2026/02/meta-files-lawsuits-against-brazil.html

Engage in the comments.
Follow @technadu for advanced threat reporting.
Like and repost for wider awareness.

#Infosec #ThreatIntelligence #Meta #Malvertising #FraudOperations #CyberCrime #DigitalForensics #SecurityResearch #AdTechSecurity #PBaaS

Sandboxes won't save you from OpenClaw

https://tachyon.so/blog/sandboxes-wont-save-you

#HackerNews #Sandboxes #OpenClaw #Cybersecurity #Threats #TechNews #SecurityResearch

Incident Review: Alleged Breach at BookMyForex
BookMyForex, subsidiary of MakeMyTrip, faces allegations of a data breach after users reported unauthorized forex card activity.

Observed:
• USD & BRL debits
• Zero-balance wallet reflections
• Login access issues
• Escalation to Yes Bank
Official clarification: No confirmed data breach, categorized as unauthorized transaction attempts.

Potential vectors:
– Card network exploitation
– Automated fraud campaign
– External data exposure
– Payment processor vulnerability

Until technical transparency is published, this remains an active fintech incident case study.

Security professionals — what’s your threat model?

Source: https://www.technadu.com/bookmyforex-breach-makemytrip-unit-hit-by-possible-cyberattack-company-denies-incident/620754/

Engage below.

Follow TechNadu for deep-dive infosec coverage.

#Infosec #FintechSecurity #AllegedDataBreach #FraudDetection #CyberIncident #ThreatModeling #DigitalPayments #IndiaCyber #SecurityResearch

Texas is taking legal action against TP-Link, alleging firmware vulnerabilities enabled exploitation by China-linked actor Camaro Dragon.

Beyond geopolitics, this case highlights:
• Firmware attack surface risks
• Supply chain governance challenges
• Security disclosure vs. marketing claims
• State-level cyber enforcement expansion

If regulatory scrutiny shifts toward vendor security representations, the industry may face stricter compliance obligations.

Source: https://therecord.media/texas-sues-tp-link-china-allegations

Are hardware vendors prepared for this enforcement era?

Comment with your technical assessment.
Follow Technadu for in-depth threat intelligence reporting.

#Infosec #FirmwareSecurity #ThreatActors #SupplyChainRisk #CyberEnforcement #SecurityResearch #RouterSecurity #CyberPolicy #BlueTeam #CyberDefense