ToxSec

The lethal trifecta: private data access + untrusted content exposure + external comms. #OpenClaw adds a fourth—persistent memory. Now attackers can fragment payloads across days and assemble them later. The self-hosted AI dream is real. The security model isn’t.​​​​​​​​​​​​​​​​

OpenClaw and Moltbook: The Viral AI Agent and Security Nightmare 🦀 How self-hosted AI assistants with shell access, plaintext credentials, and persistent memory created the lethal trifecta--plus the bots built their own social network

www.toxsec.com/p/openclaw-a...

OpenClaw hit 123K GitHub stars in 48 hours. Self-hosted AI with shell access, plaintext creds, and WhatsApp integration.

Cisco called it “an absolute nightmare.” Then somebody built a social network where the bots prompt-inject each other.

bug hunting is archaeology with curl. #bugbounty

llms are basically web apps that answer politely while leaking secrets. #AIsecurity

PSA:Moltbot Is Wildly Insecure How open-source AI agents expose API keys, enable RCE via prompt injection, and why your “local” butler is probably internet-facing right now

Bet? Most aren't secured. Defaults win, security loses.
Full breakdown of the architecture flaws, real exploits (one researcher grabbed an SSH key in 5 mins via email), and a hardening checklist in the article:
PSA: Moltbot Is Wildly Insecure
www.toxsec.com/p/moltbot-is...

My fresh Shodan pull (post-rebrand, filtered to Clawdbot favicon + port): ~3k exposed instances still sitting there.
Many leaking everything: creds in plaintext (~/.moltbot/credentials/), full histories via WebSocket, unauth command exec, prompt injection turning Gmail into an exfil vector.

The Moltbot hype train went viral → 60k+ GitHub stars in weeks → people spinning up on Mac Minis, VPSes, home servers with defaults that bind to 0.0.0.0:18789 and trust localhost like it's 2005.

hunting logs is just digital birdwatching for blue teamers. #cybersecurity

timeline: 45-day opt-in May 2026, 64-day default Feb 2027, full 45-day rollout Feb 2028. check your cron jobs. that hardcoded 60-day renewal interval is now a ticking outage.

the security logic is sound. shorter cert lifetimes = smaller blast radius when keys get popped. revocation has always been a polite fiction anyway. this forces the automation that should’ve happened years ago.

let’s encrypt is cutting cert lifetimes to 45 days by 2028. the real pain: authorization reuse drops from 30 days to 7 hours. if you’re still manually renewing certs, congrats — you now have a part-time job.

The Hacker News | #1 Trusted Source for Cybersecurity News The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and d...

china-linked hackers have been inside north american critical infrastructure for over a year, quietly grabbing access

cisco talos spotted a china-nexus apt (uat-8837) targeting key sectors like energy and utilities since at least last year.

securing rag is like securing a search engine that doesn’t know when to shut up. #AIsecurity

ai models are like cats: you think you own them, but they do whatever they want. #AIsecurity

pentesters get the glory, defenders get the alerts. #cybersecurity

Built a perfect exploit chain, only to learn the target patched it this morning because a different researcher reported it first. #bugbounty

Spent half the night chasing a weird auth bug…turns out someone rotated the API key during your test window. #bugbounty

pentests feel like chess, bug bounties feel like dumpster diving. #bugbounty

why do all staging servers have cooler bugs than prod? #bugbounty

Track deployments and changelogs.
Subscribe to status pages, RSS feeds, or GitHub commits. New code means fresh attack surface before defenders patch. #BugBounty

red team writes poetry with payloads, blue team answers with firewalls. #infosec

prompt injection is just sql injection for robots. #bugbounty #AIsecurity

The scariest zero-day isn’t in code—it’s the coworker who clicks “Enable Macros” before finishing their morning coffee. #infosec

BREAKING: xAI Shatters All Records with $20 Billion Funding Round.

#xAI has just made history by securing the largest funding round ever recorded.

xAI is building #Colossus. A supercomputer of unprecedented scale designed to train their AI assistant Grok.

OpenAI introduces Health mode.

You can now upload your lab results and get instant, easy-to-understand breakdowns of what those numbers actually mean.
#openai #medicalAI #health #ai

Bug bounty reality: 3 days of recon, 2 days of exploitation, and a $0 “duplicate” payout in 3 seconds. #BugBounty

If you're running n8n in production, treat this as a top priority emergency patch. Your automation security depends on it.

#n8n #CyberSecurity #SecurityAlert #WorkflowAutomation #CriticalUpdate #InfoSec #TechNews #SecurityPatch #Automation #DevOps

yeah i agree. wasn’t impressed with the direction they took it!

🔥