A high-severity security vulnerability affecting Open WebUI has been uncovered, potentially exposing users to account takeover (ATO) and, in some cases, full server compromise. The flaw, tracked as CVE-2025-64496 and discovered by Cato Networks researchers, impacts Open WebUI versions 0.6.34… Read More "High-Severity Flaw in Open WebUI Affects AI Connections"
A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed. Moltbook was vibe coded by its creator, Matt Schlicht, as a place for… Read More "Vibe-Coded Moltbook Exposes User Data, API Keys and More"
A multi-stage phishing campaign is using a sneaky technique to evade detection by security tools and harvest corporate credentials for well-known cloud storage services, researchers have warned. Forcepoint X-Labs issued an alert about the ongoing campaign on February 2, which… Read More "New Password-Stealing Phishing Campaign Targets Dropbox Credentials"
The cybercrime unit of the Paris Prosecutor’s Office raided Elon Musk’s X offices in Paris on February 3. The search of the offices located in the chic 2nd arrondissement district, conducted in collaboration with the National Gendarmerie’s cybercrime unit and… Read More "Paris Prosecutors Raid Elon Musk’s X Offices in France"
Security researchers have discovered a new ransomware-as-a-service (RaaS) group which has already victimized organizations in Brazil and South Africa. Dubbed “Vect,” the group is currently onboarding affiliates after launching a recruitment program in December 2025, according to ransomware specialist Halcyon.… Read More "Researchers Warn of New “Vect” RaaS Variant"
The UK’s Information Commissioner’s Office (ICO) has launched an investigation into Elon Musk’s social network X (formerly Twitter) in relation to non-consensual sexual imagery generated by Grok, the platform’s AI assistant. In a statement released on February 3, the UK’s… Read More "ICO Launches Investigation into X Over AI Non Consensual Sexual Images"
A critical security flaw affecting Docker’s Ask Gordon AI assistant has been disclosed by cybersecurity researchers, revealing how unverified metadata can be turned into executable instructions. The issue, dubbed DockerDash by Noma Labs, exposes weaknesses across the full AI execution… Read More "DockerDash Exposes AI Supply Chain Weakness In Docker’s Ask Gordon"
More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The flaw existed in versions 10.3.1 and earlier and could be… Read More "SQL Injection Flaw Affects 40,000 WordPress Sites"
New findings reveal almost 400 fake crypto trading add-ons in the project behind the viral Moltbot/OpenClaw AI assistant tool can lead users to install information-stealing malware. These add-ons, called skills, masquerade as cryptocurrency trading automation tools and target ByBit, Polymarket,… Read More "Hundreds of Malicious Crypto Trading Add-Ons Found in Moltbot/OpenClaw"
OpenClaw has patched six new vulnerabilities in its popular agentic AI assistant, covering server-side request forgery (SSRF), missing authentication and path traversal bugs, according to Endor Labs. The vulnerabilities, some of which do not have CVE IDs, range from moderate… Read More "Researchers Reveal Six New OpenClaw Vulnerabilities"
