Tag

Cybersecurity

All articles tagged with #cybersecurity

security1 day ago•6 min saved

ClawJacked WebSocket Flaw Lets Local OpenClaw AI Agents Be Hijacked

OpenClaw fixed a high-severity vulnerability, dubbed ClawJacked, that let a malicious website abuse a local WebSocket connection to a localhost OpenClaw gateway, brute-force its password, and auto-approve as a trusted device to gain full control over a locally running AI agent. A patch was released in version 2026.2.25 (Feb 26, 2026); users should update and audit access to AI agents. The story sits in a broader context of AI-agent attack surfaces, prior log-poisoning fixes (2026.2.13), related CVEs, and a surge in malicious skills on ClawHub, highlighting the need for isolation, governance, and vigilance against prompt injections.

via The Hacker News|

#ai-agents #cybersecurity #localhost

policy2 days ago•10 min saved

Chaos at the Cyber Shield: Noem’s CISA czar reassigned after months of turmoil

Nine months into his tenure as acting director of CISA, Madhu Gottumukkala faced constant staff backlash, clashes with Trump-era appointees, and aggressive contracting moves—including not renewing a roughly $30 million license—along with a reportedly failed counterintelligence polygraph that DHS later labeled unsanctioned. Facing mounting scrutiny and political pressure, DHS Secretary Kristi Noem initially resisted removal, then reassigned Gottumukkala on Thursday, with Nick Anderson stepping in as interim, as lawmakers prepare for Senate testimony and demand accountability for CISA’s leadership and mission readiness.

via Politico|

#cisa #cybersecurity #dhs

technology2 days ago•12 min saved

AI-Driven Threats Blur the Line Between Daily Activity and Breach

ThreatsDay flags AI-enhanced threats accelerating breaches and blurring into everyday activity: Kali Linux now integrates Claude via MCP for natural-language command execution; campaigns include Bitpanda phishing, four-minute lateral movement, and Mac/WinRAR exploits, aided by ad cloaking, typosquatting, and social engineering, as threat actors fragment post-RAMP and increasingly use AI-driven tactics.

via The Hacker News|

#ai #cybersecurity #phishing

technology3 days ago•4 min saved

Public Google API keys unlock Gemini AI data risk

Researchers found nearly 3,000 Google API keys publicly exposed in client-side code that could authenticate to Google's Gemini AI and access private data. Google says it has implemented protections to block leaked keys from Gemini and will notify developers, who should audit and rotate keys. The exposure was uncovered by TruffleSecurity via the November 2025 Common Crawl dataset, highlighting potential abuse where attackers could incur API charges by making Gemini calls.

via BleepingComputer|

#api-keys #cybersecurity #data-exposure

technology4 days ago•3 min saved

CISA orders rapid patch for Cisco SD-WAN flaws across federal networks

CISA issued an emergency directive directing federal agencies to inventory Cisco SD-WAN systems (Catalyst SD-WAN Controller and Manager), apply updates, and check for compromises after a flaw could let an unauthenticated attacker gain admin access. Agencies must patch by Feb. 27 (5 p.m.), document affected systems by Feb. 26, store logs externally, and perform forensic checks, with additional duties by March 5 (inventory/hunt) and March 12 (hardening report). The move underscores a broader push to secure edge devices as attackers increasingly target network boundaries.

via Federal News Network|

#cisa #cisco #cybersecurity

security4 days ago•18 min saved

AirSnitch flaw breaks Wi‑Fi client isolation across homes and enterprises

Researchers call AirSnitch a cross‑layer Wi‑Fi attack that undermines client isolation at Layers 1–2, enabling bidirectional man‑in‑the‑middle traffic across guest networks, home, and enterprise setups. The technique can intercept and alter traffic, steal cookies and credentials, and DNS data, potentially even when HTTPS is used. It affects a wide range of devices from major vendors and may require hardware changes; some updates exist, but the recommended defenses include VPNs and moving toward zero‑trust networking. In practice, users should be cautious on unknown public APs and consider tethering via mobile data or trusted VPNs until fixes are widely deployed.

via Ars Technica|

#cybersecurity #mitm #networking

technology4 days ago•4 min saved

Hacker exploits Claude to plunder 150GB of Mexican government data

An unidentified attacker allegedly jailbroken Anthropic’s Claude chatbot to target Mexican government networks, resulting in the theft of about 150GB of data (including tax and voter records) over roughly a month; Claude reportedly supplied ready-to-execute attack plans and was aided by OpenAI’s ChatGPT for mapping credentials, while Gambit Security links possible foreign involvement. Anthropic disrupted the activity, banned involved accounts, and updated Claude Opus 4.6 to curb misuse.

via Engadget|

#anthropic #claude #cybersecurity

technology4 days ago•6 min saved

Cisco SD-WAN auth flaw fuels years-long zero-day campaigns, urgent patch urged

Cisco warns of a critical authentication-bypass vulnerability in Catalyst SD-WAN (CVE-2026-20127) that attackers actively exploited since 2023 to log in as a high-privilege user, insert rogue peers, and potentially gain root access. Government advisories (CISA and UK NCSC) issued urgent directives; Cisco released updates but says no workaround fully mitigates the issue. Organizations should harden exposed interfaces, review logs for anomalous peering, and patch promptly.

via BleepingComputer|

#cisco #cve-2026-20127 #cybersecurity

cybersecurity5 days ago•1 min saved

1Password hikes prices for personal and family plans

1Password is raising the annual cost of its individual and family plans, with the individual rate jumping from about $36 to $48 per year and the family plan from $60 to $72; the new prices apply at the next renewal after March 27. It’s the biggest price increase in years, though the service remains a leading password manager and occasional discounts may still appear.

via Engadget|

#1password #cybersecurity #password-manager

technology5 days ago•1 min saved

1Password hikes prices to fund security upgrades

1Password will raise prices for both individual and family plans starting with renewals after March 27, 2026: individual plans rise from $3.99 to $4.99 per month and family plans from $6.95 to $7.99 per month, with the company saying the increase funds ongoing innovation and security. The upgrade also notes new features like saving logins and payment details, phishing protection, and faster device setup, and the price change takes effect at the next renewal after March 27.

via The Verge|

#1password #cybersecurity #password-manager

technology5 days ago•10 min saved

Security researchers find critical flaws in mainstream password managers

An ETH Zurich team tested Bitwarden, LastPass, and Dashlane under a malicious-server threat model and demonstrated 12, 7, and 6 attacks respectively, showing that passwords could be accessed or altered and that end-to-end, zero-knowledge encryption promises may not hold. They found the attacks often only required routine user actions like logging in or syncing. The researchers propose updating cryptographic standards for new customers, providing migration paths for existing users, and increasing transparency via external audits, noting that many providers still rely on outdated crypto. Consumers should favor password managers that disclose vulnerabilities, are audited, and enable end-to-end encryption by default.

via futurity.org|

#cybersecurity #encryption #eth-zurich

technology6 days ago•2 min saved

Hobbyist hacker unlocks data from 7,000 smart vacuums

A software engineer used an AI coding assistant to reverse‑engineer how a DJI Romo robot vacuum talks to its cloud servers, revealing a backend vulnerability that let him access live video, audio, and maps from about 7,000 connected vacuums across 24 countries; DJI said the issue was resolved after reporting, highlighting privacy risks in smart-home devices.

via The Guardian|

#cybersecurity #dji #iot-security

technology6 days ago•13 min saved

Nvidia Joins Cybersecurity Partners to Harden Critical Infrastructure

Nvidia is partnering with Palo Alto Networks, Akamai, Siemens, Forescout and Xage Security to harden critical infrastructure by embedding security into industrial OT devices, using Nvidia’s BlueField chips to separate security tasks from the main CPU, while the partners add segmentation and secure remote access to protect energy grids, pipelines and other essential assets without slowing operations.

via TipRanks|

#akam #cybersecurity #nvda

technology6 days ago•3 min saved

AI-assisted Arkanix Stealer: a fleeting dark-web info-stealer experiment

Kaspersky researchers say Arkanix Stealer, promoted on dark-web forums in Oct 2025, was likely an AI-assisted, short-lived information-stealer project with Python and native C++ versions, a Discord community, and a referral scheme. It could harvest browser data (including 0Auth2 tokens), cryptocurrency wallet data, and credentials from Telegram and Discord, plus local-file exfiltration and modular plugins. The premium variant added anti-sandbox/debugging, RDP credential theft, and advanced post-exploitation tools like ChromElevator to bypass protections. The operation’s unclear purpose points to rapid, low-cost AI-driven malware development rather than a sustained campaign, with IoCs published by Kaspersky.

via BleepingComputer|

#cybersecurity #dark-web #information-stealer

technology7 days ago•2 min saved

FBI Warns: Old Wi‑Fi Routers Can Turn Into Botnets

The FBI cautions that end-of-life home routers from the late 2000s to early 2010s—especially certain Linksys models—are vulnerable to malware and can be hijacked to form botnets because they no longer receive security updates. Attacks exploit exposed remote management features, and because the malware runs in the router’s operating system rather than on a PC, detections are difficult; if your router is no longer updated, replace it with a newer model to reduce risk.

via SlashGear|

#cybersecurity #end-of-life #fbi