📣💫 The 5th episode of #AIUnplugged is available on our YouTube channel !

The series explores how AI is already being used across industries globally – in business, research, humanitarian action, government, and planning.

🔎🛡 This week, we’re diving into #AI and #cybersecurity with Kathrin Grosse, research scientist at #IBMResearch Zurich. Her work focuses on bridging the gap between AI #SecurityResearch and the problems that AI users face every day.

https://www.youtube.com/watch?v=9owXkv3vSG4

[AI Unplugged] AI in cyber security


Threat model escalation: AI agent runtimes.
OpenClaw patched “ClawJacked,” a localhost WebSocket hijack enabling:
• Admin-level agent takeover
• Configuration exfiltration
• Log enumeration
• Integrated system abuse
Additional risks documented across the ecosystem:
– Log poisoning → indirect prompt injection
– CVEs spanning RCE, SSRF, auth bypass
– Marketplace-delivered malware (Atomic Stealer)
– Agent-to-agent crypto scams
Microsoft guidance: treat OpenClaw as untrusted code execution with persistent credentials. Deploy in isolated VMs. Avoid sensitive data exposure.
Core lesson:
Agentic systems expand blast radius due to cross-tool integrations and credential persistence.

Question for defenders:
Are AI runtimes included in your EDR, credential rotation, and segmentation policies?

Source: https://thehackernews.com/2026/02/clawjacked-flaw-lets-malicious-sites.html

Engage below.
Follow TechNadu for advanced AI security analysis.
Repost to amplify awareness.

#Infosec #AIsecurity #OpenClaw #ClawJacked #ThreatModeling #ZeroTrust #CredentialManagement #SupplyChainSecurity #AgenticAI #CyberDefense #EDR #SecurityResearch
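One defensive control for the localhost WebSocket hijack class described above, shown as an added example that is neither OpenClaw's code nor the ClawJacked patch itself: the local server validates the browser-supplied Origin header against the runtime's own UI origin before completing the upgrade. The port 18789, the allowlist and the sample handshakes are assumptions constructed for illustration.

```python
"""Added example (not OpenClaw's code): refusing cross-site WebSocket
handshakes at a localhost agent runtime by validating the Origin header.
The port, the allowlist and the sample requests below are constructed."""
from urllib.parse import urlsplit

# Assumed origins of the runtime's own UI; any other page is cross-site.
ALLOWED_ORIGINS = {"http://127.0.0.1:18789", "http://localhost:18789"}


def parse_handshake(raw: bytes) -> dict:
    """Return the headers (lower-cased names) of an HTTP/1.1 upgrade request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return headers


def accept_handshake(raw: bytes) -> bool:
    """Accept only a WebSocket upgrade whose Origin is on the allowlist.

    Browsers attach Origin to every handshake and a page cannot forge it,
    so any other origin is a cross-site hijack attempt and is refused.
    A missing Origin is refused as well (fail closed); non-browser clients
    should be admitted through a separately authenticated path instead."""
    h = parse_handshake(raw)
    if h.get("upgrade", "").lower() != "websocket":
        return False
    if "upgrade" not in h.get("connection", "").lower():
        return False
    origin = h.get("origin")
    if not origin:
        return False
    p = urlsplit(origin)
    return f"{p.scheme}://{p.netloc}".lower() in ALLOWED_ORIGINS


def _req(extra: str = "") -> bytes:
    """Build a constructed handshake, optionally carrying an Origin header."""
    return (b"GET /ws HTTP/1.1\r\nHost: 127.0.0.1:18789\r\n"
            b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
            + extra.encode() + b"\r\n")


# Constructed samples: the runtime's own UI, a cross-site page, and no Origin.
OWN_UI = _req("Origin: http://127.0.0.1:18789\r\n")
CROSS_SITE = _req("Origin: https://attacker.example\r\n")
NO_ORIGIN = _req()
```

Origin validation complements, rather than replaces, per-connection authentication of the agent's control channel.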

Meta initiates coordinated legal action targeting cross-border scam advertisers operating from Brazil, China, Vietnam.

Threat vectors observed:
• Celeb-bait campaigns leveraging synthetic media
• AI-assisted investment fraud funnels
• Cloaking to bypass ad review
• DNS manipulation via shadow resolvers
• HTTP-based traffic distribution systems
• Push notification abuse targeting Android Chrome
• Law firm impersonation clusters
Investigative findings indicate high advertiser concentration and shared infrastructure — suggesting organized, scalable fraud operations.

The enforcement move signals increasing willingness by platforms to pursue civil litigation alongside technical disruption.
From a defensive standpoint, what additional telemetry or cross-platform coordination is needed to meaningfully suppress these ecosystems?

Source: https://thehackernews.com/2026/02/meta-files-lawsuits-against-brazil.html

Engage in the comments.
Follow @technadu for advanced threat reporting.
Like and repost for wider awareness.

#Infosec #ThreatIntelligence #Meta #Malvertising #FraudOperations #CyberCrime #DigitalForensics #SecurityResearch #AdTechSecurity #PBaaS

Sandboxes Won't Save You From OpenClaw | Tachyon Blog

AI agent misbehavior isn't a sandbox problem—it's a permissions problem.

Incident Review: Alleged Breach at BookMyForex
BookMyForex, subsidiary of MakeMyTrip, faces allegations of a data breach after users reported unauthorized forex card activity.

Observed:
• USD & BRL debits
• Zero-balance wallet reflections
• Login access issues
• Escalation to Yes Bank
Official clarification: No confirmed data breach, categorized as unauthorized transaction attempts.

Potential vectors:
– Card network exploitation
– Automated fraud campaign
– External data exposure
– Payment processor vulnerability

Until technical transparency is published, this remains an active fintech incident case study.

Security professionals — what’s your threat model?

Source: https://www.technadu.com/bookmyforex-breach-makemytrip-unit-hit-by-possible-cyberattack-company-denies-incident/620754/

Engage below.

Follow TechNadu for deep-dive infosec coverage.

#Infosec #FintechSecurity #AllegedDataBreach #FraudDetection #CyberIncident #ThreatModeling #DigitalPayments #IndiaCyber #SecurityResearch

Texas is taking legal action against TP-Link, alleging firmware vulnerabilities enabled exploitation by China-linked actor Camaro Dragon.

Beyond geopolitics, this case highlights:
• Firmware attack surface risks
• Supply chain governance challenges
• Security disclosure vs. marketing claims
• State-level cyber enforcement expansion

If regulatory scrutiny shifts toward vendor security representations, the industry may face stricter compliance obligations.

Source: https://therecord.media/texas-sues-tp-link-china-allegations

Are hardware vendors prepared for this enforcement era?

Comment with your technical assessment.
Follow Technadu for in-depth threat intelligence reporting.

#Infosec #FirmwareSecurity #ThreatActors #SupplyChainRisk #CyberEnforcement #SecurityResearch #RouterSecurity #CyberPolicy #BlueTeam #CyberDefense

🔐 Public disclosure: CVE-2025-69690 & CVE-2025-69691
Two authenticated RCE vulnerabilities in Netgate pfSense CE:

CVE-2025-69690 (CVSS 8.8): Unsafe deserialization
→ root RCE via backup restore (pfSense 2.7.2)
CVE-2025-69691 (CVSS 9.9): XMLRPC exec_php
→ root RCE via default credentials (pfSense 2.8.0)

Vendor notified Dec 2, 2025. Acknowledged, no patch planned.
Responsible disclosure followed throughout.

Full write-up: https://github.com/privlabs/CVE-2025-69690-CVE-2025-69691

#CVE #pfSense #InfoSec #RCE #SecurityResearch
#ResponsibleDisclosure

Active phishing campaigns monitored by Netskope Threat Labs are leveraging high-frequency video conferencing workflows as an infection vector.

Attack chain:
- Pixel-perfect spoofed Zoom / Teams / Meet page
- “Mandatory update” prompt
- Deployment of signed RMM agent (Datto, LogMeIn, ScreenConnect)
- Administrative persistence & lateral movement

Key concern: Abuse of legitimate, digitally signed RMM binaries to evade signature-based controls and blend into sanctioned enterprise traffic.
Detection challenge:
Distinguishing authorized RMM activity from malicious post-exploitation.

Source: https://www.netskope.com/blog/attackers-weaponize-signed-rmm-tools-via-zoom-meet-teams-lures

Are you enforcing strict RMM allowlists and monitoring outbound C2-like behavior within approved tools?
Engage below.

Follow @technadu for threat intelligence coverage.

#ThreatIntel #RMMAbuse #LivingOffTheLand #EDR #SOC #BlueTeam #Phishing #EnterpriseSecurity #ZeroTrust #IncidentResponse #CyberDefense #SecurityResearch

New 2026 telemetry from Bitdefender indicates 41% of Valentine’s-themed email traffic contained scam elements.

Threat vectors observed:
• Brand impersonation campaigns
• AI-generated dating personas
• Advance-fee survey funnels
• Delivery notification phishing
• Pharma spam distribution
• Healthcare provider impersonation (e.g., Techniker Krankenkasse)
Geographic targeting concentrated in the U.S. (55%) and key European markets.

Question for defenders:
Are current email filtering models sufficiently adaptive to seasonal emotional triggers amplified by generative AI?
Engage below.

Follow @technadu for threat intelligence reporting.

#ThreatIntel #Phishing #EmailSecurity #AIThreats #SOC #BlueTeam #FraudDetection #BrandAbuse #SecurityResearch #CyberDefense #Malspam #DigitalRisk

AI Recommendation Poisoning represents a trust-layer attack surface.

Microsoft researchers documented memory manipulation techniques classified as MITRE ATLAS AML.T0080.

Key characteristics:
• Persistent assistant memory alteration
• URL-based pre-populated prompt injection
• Cross-prompt injection via documents/web content
• Social engineering-based memory modification

This shifts the threat model from direct model compromise to recommendation integrity compromise.

If assistants influence financial, healthcare, or security decisions, poisoned memory becomes a systemic risk.

Source: https://www.microsoft.com/en-us/security/blog/2026/02/10/ai-recommendation-poisoning/

How should enterprises audit and sanitize AI memory state at scale?

Follow TechNadu for intelligence-driven AI security coverage.

#Infosec #ThreatModeling #PromptInjection #AIThreats #MITRE #CyberDefense #SecurityResearch #TechNadu