Major Threats & Vulnerabilities
Critical Vulnerabilities in AI and Automation Platforms
A severe flaw in the n8n automation platform allows authenticated users to execute arbitrary commands, potentially exposing cloud credentials and AI workflows. The vulnerability has a CVSS score of 10.0 and has been patched; users should update immediately.
OpenClaw AI agents continue to pose significant risks. Over 21,000 instances are publicly exposed, capable of executing shell commands and accessing sensitive data. These agents are vulnerable to prompt injection attacks that can convert them into persistent backdoors. Additionally, 341 malicious AI skills were found in the ClawHub marketplace, linked to malware campaigns.
Cloud and Kubernetes Exploits
In under 10 minutes, attackers used AI to escalate from exposed credentials to full AWS admin access by exploiting IAM, Lambda, and Bedrock services. This AI-driven cloud attack underscores the need for robust IAM policies and credential hygiene.
A vulnerability in ingress-nginx allows authenticated users to execute code and access Kubernetes Secrets due to elevated privileges, posing a serious threat to containerized environments.
Browser and Driver Vulnerabilities
Google patched two high-severity Chrome vulnerabilities in the V8 engine and libvpx that could allow arbitrary code execution or cause the browser to crash.
Nvidia GPU drivers were also found vulnerable to privilege escalation across Windows, Linux, and vGPU platforms. Although no active exploitation was reported, patches have been released and should be applied immediately.
Mobile and IoT Threats
An Android RAT campaign exploited Hugging Face to sideload malware via a fake security app, abusing Accessibility Services for full device control.
Separately, a fake dating app was used to deliver Android spyware, leveraging social engineering and legitimate-looking behavior to exfiltrate user data.
Enterprise and Infrastructure Threats
The SystemBC botnet has infected over 10,000 systems, including critical infrastructure, and is being used in ransomware campaigns.
Iconics SCADA systems are vulnerable to a flaw that allows attackers to overwrite Windows drivers, causing denial-of-service and rendering systems unbootable.
Ivanti patched two critical RCE flaws in Endpoint Manager Mobile that are actively being exploited, allowing unauthenticated access and full administrative control.
Industry News
Company Announcements and Leadership Changes
Microsoft has restructured its security leadership, placing engineering quality and security under CEO oversight to better address AI-related risks.
Data Breaches and Legal Developments
A SoundCloud breach exposed private emails linked to public profiles of nearly 30 million users, raising phishing and impersonation concerns.
A former Google engineer was convicted of stealing confidential AI documents to support Chinese tech ventures.
Supply Chain and Extension Threats
Attackers hijacked Notepad++ update servers to distribute trojanized installers, exploiting trust in outdated validation mechanisms.
A malicious VS Code extension disguised as Clawdbot deployed ScreenConnect RAT, targeting developers through trusted workflows.
A Chrome extension posing as an Amazon ad blocker was caught hijacking affiliate links, redirecting commissions without user consent.
Malicious ChatGPT browser extensions were found hijacking user sessions and accessing sensitive AI data, bypassing MFA protections.
Ongoing Ransomware Campaigns
MongoDB ransomware attacks continue to target publicly exposed databases, with over 3,100 unauthenticated instances found online.
Security Tips & Best Practices
Defending Against Botnets
To reduce botnet risk, organizations should:
- Monitor and restrict outbound communications to detect C2 traffic
- Patch and harden endpoints and enforce least-privilege access
- Test incident response plans to contain infections quickly
Kubernetes and Cloud Security
To secure Kubernetes environments:
- Enforce least-privilege access and manage RBAC
- Apply network segmentation and harden cluster entry points
- Enable centralized audit logging and monitor runtime behavior
Reducing External Attack Surface
To minimize exposure:
- Use attack surface management tools to discover internet-facing assets
- Monitor for exposed credentials and API keys
- Audit cloud configurations and decommission unused assets
AI Governance and Risk Management
To strengthen AI governance:
- Establish policies for approved AI use and third-party risk
- Implement least-privilege controls and data access rules
- Inventory AI assets and log prompts and permissions
- Extend incident response plans to include AI-specific threats
Mobile Device Protection
To secure mobile environments:
- Enforce MDM with MFA and mobile threat defense
- Restrict app permissions and access to sensitive data
- Patch mobile OS and apps and use antivirus tools
