TechRisk #158: Zero-click attack on a vibe-coding platform
Plus, Agentic AI governance guide by Palo Alto Networks, an increasingly powerful Notepad turns vulnerable, password managers might not be that secure, and more!
Tech Risk Reading Picks
Zero-click attack on a vibe-coding tool: A security researcher demonstrated a zero-click attack on the AI coding platform Orchids that let them hijack a BBC reporter’s laptop. The flaw allowed the researcher to alter code inside an active project and remotely execute actions on the device without the user downloading malware or sharing credentials, including reading the browsing history and spying through the camera and microphone. [more]
Increased attacks on OpenClaw: Cybersecurity researchers have identified an information stealer, likely a Vidar variant, exfiltrating sensitive files from OpenClaw (formerly Clawdbot/Moltbot) users, marking a shift from stealing browser credentials to harvesting AI agent “identities.” The malware captured files such as openclaw.json (gateway tokens and workspace info), device.json (cryptographic keys), and soul.md (agent behavior and ethical guidelines), potentially allowing attackers to impersonate or access a user’s AI agent. While the theft was opportunistic via broad file-grabbing routines, experts warn dedicated AI-targeting modules are likely to appear. The incident coincides with ongoing OpenClaw security concerns, including malicious skills campaigns hosted on fake websites, undeletable AI accounts on Moltbook, and hundreds of thousands of exposed instances susceptible to remote code execution, highlighting rising risks as the platform gains popularity and integrates into professional workflows. [more]
AI co-written logic caused $1.78M loss: Moonwell, a DeFi lending protocol, suffered a $1.78M exploit after a misconfigured cbETH price oracle drastically undervalued the token at around $1 instead of ~$2,200, allowing liquidators to drain over 1,096 cbETH and create protocol-level bad debt. The faulty pricing logic, reportedly co-written by the AI model Claude Opus 4.6, introduced an incorrect scaling factor, collapsing collateral requirements and enabling under-collateralized borrowing. [more]
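The Moonwell item above describes a scaling error in oracle pricing logic. The following is an added example written for this newsletter, not Moonwell's code and not the actual bug: it uses a hypothetical decimals slip in an oracle adapter (the feed quotes cbETH/USD with 8 decimals, the adapter normalises with the wrong constant) to show how one wrong scaling factor moves a collateral valuation by orders of magnitude, and the deviation check against a trusted reference that a lending protocol can use to refuse such a price. The feed values, decimals and collateral factor are constructed for illustration.

```python
# Added example (not Moonwell's code): a decimals/scaling slip in an oracle adapter and the
# sanity band that catches it. All amounts are integers in 18-decimal fixed point ("WAD").
WAD = 10**18  # 18-dp fixed point for internal USD values (assumption, common in DeFi code)


def normalize_price(raw_price: int, feed_decimals: int) -> int:
    """Convert a feed's integer price quoted with `feed_decimals` decimals to 18-dp fixed point.

    Passing the wrong `feed_decimals` is the whole failure mode: the result is off by
    10**(difference), and every downstream computation silently inherits the error.
    """
    if feed_decimals > 18:
        return raw_price // 10 ** (feed_decimals - 18)
    return raw_price * 10 ** (18 - feed_decimals)


def collateral_value(amount_wad: int, price_wad: int) -> int:
    """USD value (18 dp) of `amount_wad` tokens priced at `price_wad` USD each."""
    return amount_wad * price_wad // WAD


def max_borrow(amount_wad: int, price_wad: int, collateral_factor_bps: int) -> int:
    """Borrow limit: collateral value times the collateral factor, expressed in basis points."""
    return collateral_value(amount_wad, price_wad) * collateral_factor_bps // 10_000


def within_deviation(price_wad: int, reference_wad: int, max_deviation_bps: int) -> bool:
    """Circuit breaker: True only if `price_wad` is within `max_deviation_bps` of a trusted reference
    (e.g. a second oracle or the last accepted price). A non-positive reference is never trusted."""
    if reference_wad <= 0:
        return False
    deviation_bps = abs(price_wad - reference_wad) * 10_000 // reference_wad
    return deviation_bps <= max_deviation_bps


def safe_price(price_wad: int, reference_wad: int, max_deviation_bps: int) -> int:
    """Return the price if it passes the sanity band, otherwise refuse to use it at all."""
    if not within_deviation(price_wad, reference_wad, max_deviation_bps):
        raise ValueError("oracle price outside sanity band; refusing to price collateral with it")
    return price_wad


if __name__ == "__main__":
    # Constructed feed reading: cbETH/USD = 2200.00000000 with 8 decimals (assumption, not the real feed).
    FEED_DECIMALS = 8
    raw = 2200 * 10**FEED_DECIMALS
    good = normalize_price(raw, FEED_DECIMALS)  # 2200 USD in 18 dp
    bad = normalize_price(raw, 18)              # adapter wired with the wrong decimals constant
    ten_cbeth = 10 * WAD
    print("correct borrow limit:", max_borrow(ten_cbeth, good, 7500) / WAD, "USD")
    print("mis-scaled borrow limit:", max_borrow(ten_cbeth, bad, 7500) / WAD, "USD")
    print("bad price passes 5% band?", within_deviation(bad, good, 500))
    safe_price(good, good, 500)   # accepted
    try:
        safe_price(bad, good, 500)  # rejected
    except ValueError as err:
        print("breaker tripped:", err)
```

The point of `within_deviation` is that it is independent of the adapter's arithmetic: even if a scaling bug ships, a price that is 99.99% away from the reference never reaches `max_borrow` or the liquidation path.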
Agentic AI governance guide by Palo Alto Networks: Unlike traditional AI governance, which focuses on the accuracy, bias, and compliance of generated responses, agentic AI governance has to address action risk, authority boundaries, identity and access controls, runtime safeguards, and clear accountability when agents initiate transactions or interact with enterprise systems. Organizations need to be aware of the risks that agentic AI brings, such as loss of execution control, unauthorized tool use, privilege escalation, data misuse, accountability gaps, and behavioral drift over time. Effective governance ensures organizations retain responsibility for the authority they delegate to agentic AI, and that control remains active, visible, and enforceable throughout operation. [more]
Japan’s leading semiconductor test equipment supplier hit by ransomware: Advantest, one of Japan’s leading semiconductor test equipment suppliers, is responding to a ransomware attack that disrupted several internal systems after the company detected unusual activity and isolated affected networks. Early findings suggest an unauthorized party accessed parts of its environment and deployed ransomware, with investigations continuing alongside external cybersecurity specialists. Given Advantest’s central role in providing test and measurement tools for chips used in AI, autonomous vehicles and 5G infrastructure, any prolonged disruption could ripple across an already fragile global semiconductor supply chain. The incident comes amid a marked escalation in ransomware activity against industrial firms, with Dragos identifying 119 groups targeting roughly 3,300 organizations in 2025, a sharp increase from the prior year. [more]
Increasingly powerful Notepad turns vulnerable: Microsoft has fixed a high-severity remote code execution vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into Ctrl+clicking specially crafted Markdown links. The flaw, tracked as CVE-2026-20841, stemmed from improper handling of non-standard URI protocols such as file:// and ms-appinstaller://, enabling malicious files to run without triggering Windows security warnings. Because the code executed in the context of the logged-in user, attackers gained the same permissions as the victim and could launch programs from remote SMB shares. The issue affected Notepad versions 11.2510 and earlier and was addressed in the February 2026 Patch Tuesday updates by introducing warning prompts for non-http and non-https links. [more]
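The Notepad fix above amounts to an allowlist on the link scheme: only http and https open silently, everything else prompts. The following is an added example written for this newsletter, not Microsoft's code or Notepad's parser, that applies the same rule to a Markdown document: it extracts inline links with an illustrative regex, classifies each target by scheme, and lists the ones that would deserve a warning. It goes a little beyond the advisory by also flagging scheme-less UNC paths, which reach a remote SMB share without any `://` at all. The sample Markdown is constructed.

```python
# Added example (not Notepad's code): scheme allowlist for Markdown link targets.
import re
from urllib.parse import urlsplit

# Inline links of the form [text](target "optional title"). Illustrative regex only; it does not
# cover reference-style links or every CommonMark edge case.
_LINK_RE = re.compile(r'\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)')

# The only schemes that may open without a prompt (mirrors the "non-http/https" rule in the fix).
SAFE_SCHEMES = {"http", "https"}


def classify_link(target: str) -> str:
    """Return 'safe', 'relative', or 'warn' for one link target.

    'warn' covers every explicit non-http(s) scheme (file:, ms-appinstaller:, mailto:, a bare
    drive letter such as C:, ...) and scheme-less UNC paths (\\\\server\\share or //server/share),
    which Windows resolves to a remote SMB share.
    """
    target = target.strip()
    scheme = urlsplit(target).scheme.lower()
    if scheme == "":
        if target.startswith(("\\\\", "//")):
            return "warn"
        return "relative"
    return "safe" if scheme in SAFE_SCHEMES else "warn"


def scan_markdown(text: str) -> list[tuple[str, str, str]]:
    """Return (link_text, target, verdict) for every inline link found in `text`."""
    return [(m.group(1), m.group(2), classify_link(m.group(2))) for m in _LINK_RE.finditer(text)]


def links_needing_warning(text: str) -> list[str]:
    """Targets a Notepad-style viewer should prompt on before activating."""
    return [target for _, target, verdict in scan_markdown(text) if verdict == "warn"]


# Constructed sample document (assumption: not taken from any real advisory or exploit).
SAMPLE = """# Release notes
See the [docs](https://example.com/docs) and the [changelog](./CHANGELOG.md).
Run [setup](file:///C:/Windows/System32/calc.exe) or [install](ms-appinstaller://?source=https://example.com/app.msix).
Share: [report](\\\\fileserver\\public\\report.exe)
"""

if __name__ == "__main__":
    for link_text, target, verdict in scan_markdown(SAMPLE):
        print(f"{verdict:8} {link_text!r:12} -> {target}")
```

Note that the check keys on the scheme that Windows will actually dispatch on, not on the visible link text, which is exactly the gap the crafted-link attack abused: `[docs](file:///...)` looks harmless to the reader.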
Password recovery attacks on password managers: A new academic study has identified multiple password recovery and integrity attacks affecting major cloud-based password managers including Bitwarden, LastPass, Dashlane, and to a lesser extent 1Password, under a threat model that assumes a malicious server and scrutinizes their zero-knowledge encryption designs. Researchers uncovered numerous vulnerabilities ranging from metadata leakage and field manipulation to full organizational vault compromise, largely stemming from key escrow mechanisms, flawed item-level encryption, weaknesses in sharing features, and legacy cryptography that enables downgrade attacks. While the findings highlight design anti-patterns and cryptographic misconceptions that could undermine confidentiality and integrity guarantees for more than 60 million users and 125,000 businesses, there is no evidence of active exploitation. Vendors have disputed or contextualized some findings and have implemented or are implementing mitigations, including removing legacy cryptography support, strengthening integrity controls, and refining recovery to reduce exposure. [more][more-2_researcher+paper]
Palo Alto Networks Unit 42 2026 Global Incident Response Report - [more]
The 2026 Unit 42 report highlights an era of faster, more complex cyberattacks, driven by AI, sprawling attack surfaces, and identity exploitation.
Analysis of over 750 high-stakes incidents shows that AI-enabled attacks are now 4x faster, with data exfiltration possible in as little as 72 minutes.
Enterprise complexity benefits attackers: 89% of breaches exploit identity weaknesses, and 87% span multiple attack surfaces, often blending endpoints, cloud, SaaS, and identity systems. Identity-based techniques, including social engineering and credential misuse, account for 65% of initial access, while browser-based attacks affect nearly half of all incidents.
SaaS supply chain attacks have surged nearly 4x since 2022, leveraging OAuth tokens and API keys.
