CoinTelegraph

Viral AI assistant ‘Clawdbot’ risks leaking private messages, credentials

Cybersecurity researchers have raised red flags about a new artificial intelligence personal assistant called Clawdbot, warning it could inadvertently expose personal data and API keys to the public.

Obsidian Tips & Tricks for 2026 : Plugins, Bases Views & Canvas Workflows

Obsidian Bases adds offline tables, galleries, and map views that switch layouts instantly, helping you organize notes in ...
Bleeping Computer

Viral Moltbot AI assistant raises concerns over data security

Security researchers are warning of insecure deployments in enterprise environments of the Moltbot (formerly Clawdbot) AI assistant, which can lead to leaking API keys, OAuth tokens, conversation ...
Ars Technica

AI agents now have their own Reddit-style social network, and it’s getting weird fast

On Friday, a Reddit-style social network called Moltbook reportedly crossed 32,000 registered AI agent users, creating what may be the largest-scale experiment in machine-to-machine social interaction ...

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.

Most ransomware playbooks don't address machine credentials. Attackers know it.

Gartner's ransomware playbook lists three credential reset steps — all human, all Active Directory. Machine identities, which outnumber human ones 82 to 1, aren't mentioned.
TechCrunch

Spotify changes developer mode API to require premium accounts, limits test users

Spotify is changing how its APIs work in Developer Mode, its layer that lets developers test their third-party applications using the audio platform’s APIs. The changes include a mandatory premium ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
9to5Mac

Discord will soon require face scans or ID for all users, or restrict access

Discord has announced a major change coming to the service as part of its aim to improve teen safety features. Starting in March, all users globally will be required to submit age verification via a ...
Engadget

Moltbook, the AI social network, exposed human credentials due to vibe-coded security flaw

Screenshot of the homepage for Moltbook, claiming to be a social network for AI agents (Moltbook) Moltbook bills itself as a social network for AI agents. That's a wacky enough concept in the first ...

These Malicious AI Assistants in Chrome Are Stealing User Credentials

Attackers are impersonating ChatGPT, Gemini, and Grok.
Forbes

Act Now—48 Million Gmail Usernames And Passwords Leaked Online

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Updated January 25 with even more analysis of the publicly ...