Blog
-
New Vulnerability Can Compromise Openclaw AI Agent via a Malicious Webpage
OpenClaw is everyone’s favorite AI agent of the moment and can enable some very helpful productivity hacks, but the last few weeks have also demonstrated it has a long way to go in terms of security.
-
Another Tentacle of China’s Cyber Espionage Program Disrupted as Google Takes Down GRIDTIDE Infrastructure
Google and Mandiant bring news of yet another group that was operating largely below the radar, yet having great success compromising government and telecoms victims throughout the world since at least 2017. In total the gang racked up suspected intrusions in about 70 nations, with 53 confirmed breaches during operations running from 2018 to last…
-
“Agentic” AI Tools Continue to Struggle as Copilot Helps Itself to Confidential Emails
Another day, another story about agentic AI tools overstepping their bounds. This time it’s Microsoft’s Copilot for 365 business customers, which has been found accessing confidential emails it is not supposed to and creating summaries of them.
-
Can Cloud-Based Password Managers Be Trusted? New Study Exposes Concerning Flaws
A sample size of three of the most popular and widely used password managers (Bitwarden, LastPass and DashLane) finds that they share similar vulnerabilities, and that some of these are likely not things that can be fully addressed given the nature of how cloud-based vaults protect secrets.
-
Chinese Hackers Credited With Another Major Zero-Day Vulnerability; Dell RecoverPoint Compromised Since 2024
The Chinese hackers were likely the only ones exploiting this zero-day vulnerability, but compromised at least a handful of organizations with it dating as far back as the middle of 2024. Dwell time also tends to be in excess of a year as the attackers slowly and quietly move as far as they can through…
-
US Investors Look to Curb Harsh South Korean Government Penalties for Coupang Data Breach
Proposed harsh penalties for Coupang in the wake of its late 2025 data breach have spooked numerous US investors in the company, who have now filed a class action suit seeking to force South Korea’s Ministry of Justice into arbitration.
-
Zero-Day Vulnerability Present Since iOS 1 Serves as Important Security Reminder
Apple also did not specify exactly who was making use of the zero-day vulnerability, but research from Google’s Threat Analysis Group (the original discoverers) indicates that it is known to have been exploited as part of a “very sophisticated” attack chain involving WebKit vulnerabilities that were disclosed and patched late last year.
-
Singapore’s Cyber Security Forces Rally to Shut Down Chinese Espionage Group With Operation CYBER GUARDIAN
Multiple government agencieshave come together in a coordinated effort to expel a suspected China-backed espionage group. The campaign was prompted by cyber attacks on critical infrastructure, which reportedly was able to gain “limited” access to some of the nation’s telcos before being rebuffed.
-
Chinese Hackers Were Inside Notepad++ For Much of 2025, But Only “Select Targets” Received Compromised Software Updates
Though the Chinese hackers appear to have compromised Notepad++’s host server and had the ability to push malicious software updates to all of its users, they did not do so for the vast majority. They instead appeared to want to maintain a “low and slow” approach to get at targets of espionage interest.
-
The Moltbook Data Leak Is a Reality Check for AI Hype and Vibe-Coded Platforms
Misconfigured Supabase database allowing full read/write access to all platform data resulted in a data leak that exposed some 1.5 million API authentication tokens along with 35,000 email addresses and about 4,000 private messages.