Aggregator

本期周报简介：1、等保中的系统安全管理员角色，安全策略配置与监督职责在实际中应如何界定？ 2、应用系统对外暴露时，DMZ区代理是否为必须架构？如何定义dmz区代理的功能和用途？ 3、如何结合隐形水印、终端控制与管理追责，进行有效的保护和溯源？

嗯，用户让我用中文帮他总结一下这篇文章的内容，控制在100个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。 首先，我得通读一下这篇文章。文章主要讲的是BrowserOS项目发现了一个安全漏洞。作者通过GitHub Security提交了这个漏洞，但没有得到回复，所以决定公开申请CVE编号来引起重视。 漏洞的具体情况是，当用户访问恶意网页时，AI可能会误将注入的提示当作系统命令执行，导致任意命令在用户操作系统上运行。这不仅影响特定场景，在聊天模式下也会发生，威胁很大。 然后是漏洞的影响，包括任意命令执行、数据泄露、系统完整性受损以及攻击面扩大。作者认为这个漏洞很严重，应该分配CVE编号以便跟踪和修复。 总结的时候需要涵盖主要点：BrowserOS项目、发现的漏洞、攻击方式、影响以及申请CVE的原因。控制在100字以内，所以要简洁明了。 可能的结构是：BrowserOS项目发现安全漏洞，用户访问恶意网页后AI执行系统命令，影响严重已申请CVE。 检查一下是否符合要求：100字以内，直接描述内容，没有多余开头。 BrowserOS项目发现安全漏洞：用户访问恶意网页后AI可能误执行系统命令，导致数据泄露或系统受损。已申请CVE编号以促修复。

电力系统脆弱性显露无遗，我国电力行业需引以为戒！

The “Invisible Corridor” Security doesn’t break all at once; it erodes in the shadows. The alert didn’t appear to be a crisis because, to your perimeter, everything looked normal. An authorized user, a permitted port, and a standard protocol—on paper was a valid connection. In reality, it was the “keys to the kingdom” being handed … Continued

The post Advancing Zero Trust Private Cloud with vDefend Lateral Security appeared first on VMware Security Blog.

A vulnerability was found in Linux Kernel up to 6.2.2 and classified as critical. Affected is the function ov772x_probe of the component media. Executing a manipulation can lead to memory leak. This vulnerability is handled as CVE-2023-53637. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.27/6.2.14/6.3.1. This issue affects the function adev_release. The manipulation results in use after free. This vulnerability is cataloged as CVE-2023-53636. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.3.1. Impacted is the function dev_dbg. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2023-53639. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.4.11. The impacted element is the function octeon_ep. This manipulation causes use after free. The identification of this vulnerability is CVE-2023-53638. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.15.113/6.1.30/6.3.4. This impacts the function use_after_free of the component ASoC. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2023-53640. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.3.1. It has been declared as critical. This affects the function ath9k_hif_usb_rx_stream. The manipulation results in improper initialization. This vulnerability is reported as CVE-2023-53641. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.3.4. Affected is the function usb_submit_urb of the file drivers/usb/core/urb.c. Performing a manipulation results in privilege escalation. This vulnerability is reported as CVE-2023-53644. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.17/6.2.4. The affected element is the function getsockname. The manipulation results in null pointer dereference. This vulnerability was named CVE-2023-53643. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.52/6.4.15/6.5.2. This affects the function __die of the component VMBus Client Driver. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2023-53647. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.4.6. Affected by this vulnerability is the function xehp_oa_b_counters. Executing a manipulation can lead to out-of-bounds read. This vulnerability appears as CVE-2023-53646. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.4.3. Affected by this vulnerability is the function bpf_refcount_acquire. The manipulation leads to use after free. This vulnerability is listed as CVE-2023-53645. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.4.3. This affects the function snd_ac97_mixer of the file sound/pci/ac97/ac97_codec.c of the component ALSA. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2023-53648. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.28. Affected by this vulnerability is the function clear_user_rep_good in the library arch/x86/lib/clear_page_64.S. Such manipulation leads to memory corruption. This vulnerability is referenced as CVE-2023-53642. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

Senator Maria Cantwell, D-Wash., wants hearings to force AT&T and Verizon to disclose how they’ve responded to the hacks to protect telecom networks.

The post Cantwell claims telecoms blocked release of Salt Typhoon report  appeared first on CyberScoop.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Moltbot, the viral AI agent, offers immense power but is riddled with critical vulnerabilities, including remote code execution (RCE), exposed control interfaces, and malicious extensions. Read on to understand the vulnerabilities associated with Moltbot and the immediate security practices users must prioritize to mitigate this enormous agentic AI security risk.

Key takeaways

1. Moltbot takes an AI agent, gives it access to your computer, your communication streams, your accounts, and much, much more.
2. Given the severe and active threats, including exposed control interfaces, authentication bypasses, and malicious extensions, users must prioritize the security practices outlined below.
3. The convenience of incredible power cannot outweigh the risk that Moltbot’s vulnerabilities create.

What is Clawdbot?

Clawdbot (recently rebranded as Moltbot and subsequently to OpenClaw due to a trademark dispute with Anthropic) is a viral open-source AI assistant. It has been praised for its ability to autonomously execute tasks on local hardware, exemplifying what modern AI can do to truly help end users. As of January 2026, and coinciding with the application's widespread viral adoption, security researchers have identified multiple significant vulnerabilities that place Moltbot users at risk.

What is Moltbot used for?

Moltbot is a multi-function AI agent designed to perform many tasks. Indeed, the website claims it “Works With Everything.” Some features include:

• Setup: Runs on any machine with a choice of models.
• Integrations: Works with any chat app
• Browse the Web: Submit forms on your behalf, find information.
• Memory: Remembers context about you and your preferences
• Extensible: Use or write plugins and skills
• Access: Ability to read and write to disk, execute commands, and more.
• Sandbox: Tools and agents can run inside Docker containers and require approval.

The agent already has an enormous list of official and custom integrations. Given the large feature set, Moltbot must also have a large attack surface. Let’s take a look at Moltbot from an agentic AI security perspective.

Is Moltbot safe? Critical agentic AI security vulnerabilities

• Remote code execution (RCE): Coding issues in the gateway could allow attackers to run commands on the host system with the same permissions as the user, potentially leading to full system compromise. A researcher from depthfirst identified CVE-2026-25253, chaining two findings to execute code on the bot. Two more command injection CVEs have been identified (CVE-2026-24763 and CVE-2026-25157).
• Malicious skills: An OpenClaw bot at Koi identified a few hundred malicious skills in the ClawHub skills repo.
• Exposed control interfaces: Researchers from SlowMist and other firms found that many users misconfigure their setups, leaving the Clawdbot Control web interface publicly accessible on the internet without password protection.
• Authentication bypass: A flaw in how the gateway handles localhost connections allows external attackers to bypass login protections when the software is deployed behind a common reverse proxy (like Nginx).
• Sensitive data leaks: Moltbot stores authentication tokens (API keys), user profiles, and memories in plaintext Markdown and JSON files. Attackers who gain access can steal these keys to take over accounts or conduct Cognitive Context Theft using private conversation histories.
• Indirect prompt injection: Because the tool can read emails, chat messages, and web pages, malicious actors can send messages that trick the AI into executing unauthorized commands, such as exfiltrating data or deleting files.

Recent risks and rebranding

• Trademark rebrand: On January 27, 2026, the project was renamed Moltbot following a legal request from Anthropic.
• Account hijacking: During the name change, the original @clawdbot handles on X and GitHub were immediately snatched by crypto scammers who are now using them to promote fake tokens ($CLAWD) to the project's more than 60,000 followers.
• Second trademark rebrand: On January 29, the project was renamed OpenClaw.
• Malicious extensions: Fake "Clawdbot Agent" extensions for VS Code have been discovered. These fake extensions install trojans and remote access malware on users’ machines.

Recommended security practices for Moltbot users

If you choose to run this software, security experts recommend several immediate hardening steps:

• Strict whitelisting: Use the OpenClaw Security Guide to explicitly whitelist only necessary tools and block dangerous shell execution capabilities.
• Verify gateway settings: Ensure gateway.auth.password is set and verify that your reverse proxy correctly passes headers so authentication is not bypassed.
• Use sandboxing: Enable sandbox mode for the AI agent to restrict its access to your filesystem and browser.
• Run security audits: Use the built-in security audit tool periodically to check for exposed ports or misconfigurations.
• Restrict token access: Moltbot uses API keys and other tokens to access services. These should all be scoped appropriately to allow just enough access and disallow dangerous actions.
• Privacy: Moltbot can be added to group channels where it can read and parse untrusted messages. To help mitigate the risk of prompt injection, grant access only to trusted people and channels.

Tenable plugins for Moltbot and OpenClaw

Tenable Vulnerability Management has detection plugins for Moltbot. A list of Tenable plugins for this vulnerability can be found on the search page for Moltbot and OpenClaw as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.

The post From Clawdbot to Moltbot to OpenClaw: Security Experts Detail Critical Vulnerabilities and 6 Immediate Hardening Steps for the Viral AI Agent appeared first on Security Boulevard.