Hello, World! I'm Vivian, a cybersecurity and AI Product Manager trying to keep up with an industry that moves faster than I can whisk up my morning matcha. Every week brings a new wave of vulnerabilities, AI security mishaps, and breaches that keep us on our toes, so I take some time to share the most interesting news and to help me stay accountable and informed. Let's dive into whats been in cybersecurity and AI security recently.
AI Research & Vulnerabilities:
Most Downloaded OpenClaw Skill Turns Out to Be an Infostealer
Researchers analyzed how OpenClaw's agent skill system creates a significant attack surface where malicious actors can craft skills that appear legitimate but contain hidden instructions to exfiltrate credentials or execute unauthorized commands. They discovered that the most downloaded skill in the OpenClaw registry, ClawHub, a seemingly legitimate Twitter integration, is actually an infostealer. This attack highlights a shift in the AI attack surface from the model itself to its operational tools, where a single compromised skill can exfiltrate browser sessions, API keys, and SSH credentials from the host machine.
Claude Opus 4.6 Discovers 500+ High Severity Vulnerabilities and Multiple 0-Days
Anthropic published findings showing that its latest model, Claude Opus 4.6, successfully identified over 500 high-severity vulnerabilities. Opus 4.6 operated in a sandboxed environment with security tools but no specialized instructions or custom scaffolding. It analyzed Git commit histories to find unaddressed patterns and identified complex logic flaws. This research shows that LLMs can be used in conjunction with security detection tools and can exceed the scale of human researchers, though remediation workflows need to keep pace with the speed and volume of vulnerabilities.
Two Critical Attack Paths in Docker's Ask Gordon AI Assistant
Researchers disclosed DockerDash, a pair of critical vulnerabilities in Docker's Ask Gordon AI assistant that weaponizes the Model Context Protocol. The flaw, categorized as Meta-Context Injection, allows an attacker to embed malicious instructions within the metadata labels of a Docker image. Because the AI assistant treats this metadata as trusted context, it forwards the instructions to the MCP Gateway, which then executes them through local tools without any validation, resulting in remote code execution and/or data exfiltration.
AI News
French Prosecutors Raid X Offices Over Grok-Generated Deepfakes
Authorities in France conducted a raid on the Paris headquarters of X as part of a criminal investigation into the generation of non-consensual sexual deepfakes using the Grok AI. The investigation focuses on whether the platform failed to implement adequate safeguards to prevent the creation of harmful synthetic content and if it complied with local moderation laws. This action follows a series of high-profile incidents where Grok was reportedly used to generate explicit imagery of public figures.
Humanity Protocol Experiment Bypasses Tinder Verification
Humanity Protocol released results of a two-month social experiment demonstrating the ease with which generative AI can manipulate online dating ecosystems. Using publicly available tools, researchers created four hyper-realistic fake profiles on Tinder. The AI personas managed over 100 simultaneous conversations with real users, ultimately interacting with 296 individuals and successfully convincing 40 people to agree to a physical date. The experiment highlights how traditional verification measures like photo verification and basic liveness checks are increasingly insufficient against AI-generated imagery and autonomous conversational agents.
Cybersecurity Vulnerabilities
RCE and Internal Access Vulnerabilities Found in Google Looker
Researchers identified two critical vulnerabilities in Google Looker, collectively dubbed "LookOut," that allow for full system compromise. The first vulnerability is a Remote Code Execution chain that exploits path traversal in Git configuration within LookML projects. The second flaw is an authorization bypass that enables attackers to connect to Looker's internal MySQL management database and exfiltrate credentials and secrets via error-based SQL injection. While Google has patched its managed cloud services, self-hosted and on-premises deployments remain at risk until manually updated.
Palo Alto's Unit 42 Uncovers Multi-Year Global Espionage Operations
Unit 42 researchers exposed a series of interconnected espionage campaigns targeting government agencies and critical infrastructure in 37 countries, with scanning activity detected in over 150 nations. The group's toolkit has evolved from traditional Cobalt Strike payloads to more specialized tools, including VShell and a sophisticated new Linux kernel rootkit dubbed ShadowGuard. The campaign's timing suggests a high degree of geopolitical coordination, with spikes in activity aligning with major trade negotiations and natural resource deals involving the targeted ministries.
Web Traffic Hijacking via Malicious Nginx Configurations
Researchers discovered a campaign where threat actors associated with React2Shell are hijacking web traffic by tampering with Nginx configuration files. Using a multi-stage toolkit, attackers gain initial access and inject malicious directives into existing server blocks. This allows them to intercept and reroute live user sessions through attacker-controlled backend servers to harvest credentials or session cookies without installing new binaries. The campaign specifically targets Asian TLDs and environments managed via the Baota Panel, turning legitimate infrastructure into an invisible relay for data exfiltration.
Cybersecurity News
Scam Network Impersonates Law Firms to Target Victims
Researchers uncovered a large-scale scam operation where threat actors impersonate legitimate law firms to target individuals, promising to help recover losses or secure compensation. The scammers create fake legal websites with stolen attorney credentials and contact breach victims directly, requesting personal information and upfront fees for services that never materialize. The operation specifically targets victims of breaches who are already vulnerable and seeking legitimate assistance.
Man Pleads Guilty to Hacking Nearly 600 Women's Snapchat Accounts
An Illinois man pleaded guilty to federal charges after hacking into approximately 600 Snapchat accounts belonging to women and girls to steal private photos and videos. The defendant used social engineering techniques to obtain login credentials and then accessed the accounts to download intimate images. He faces significant prison time for charges including computer fraud and aggravated identity theft.
Substack Notifies Users of Data Breach
Substack disclosed a security incident where unauthorized access to its systems resulted in the exposure of user data including email addresses, names, and metadata. The company stated that passwords were not compromised and no payment information was accessed. Substack is notifying affected users and has implemented additional security measures to prevent similar incidents.
That's all for now… Stay informed and protected.