Archive for February 10, 2026

Volume of OpenClaw public internet exposures spirals

Posted in Commentary with tags on February 10, 2026 by itnerd

In a report published yesterday, SecurityScorecard’s STRIKE threat intelligence team identified a widespread exposure problem affecting the OpenClaw open-source, vibe-coded AI agent platform, with more than 135,000 instances of the software publicly exposed to the internet. This is in addition to previously known vulnerabilities in the platform.

   “Our findings reveal a massive access and identity problem created by poorly secured automation at scale. Convenience-driven deployment, default settings, and weak access controls have turned powerful AI agents into high-value targets for attackers,” the STRIKE team wrote in the report.

OpenClaw’s bot extension “skill store” had three high-risk CVEs attributed to it in recent weeks, and it has also been documented that its various skills can be cracked fairly easily, exposing API keys, credit card numbers, PII, and other data valuable to cybercriminals.

Just a few hours after publication of the report, as the number of internet-facing OpenClaw instances associated with known threat actor IPs increased, the number of identified vulnerable systems on STRIKE’s live OpenClaw threat dashboard increased by 40,000, the number of RCE-vulnerable instances went from 12,812 to more than 50,000, and the number of instances linked to previously reported breaches went from 549 to over 53,000.

Researchers recommend that OpenClaw users immediately change the default network binding so the service listens only on localhost.

   “Out of the box, OpenClaw binds to `0.0.0.0:18789`, meaning it listens on all network interfaces, including the public internet. For a tool this powerful, the default should be `127.0.0.1` (localhost only). It isn’t,” STRIKE noted.
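As an added example (not code from the report or from OpenClaw): a small audit helper that classifies a bind address such as the `0.0.0.0:18789` default against the loopback-only setting STRIKE recommends, and scans `ss -ltnp`-style output for listeners on port 18789 that are reachable from non-loopback interfaces. The port comes from the report; the `ss` lines are constructed sample input, and the `openclaw` process name is assumed.

```python
import ipaddress
import re

# Default port named in the STRIKE report (0.0.0.0:18789 out of the box).
OPENCLAW_PORT = 18789

# Constructed sample in the shape of `ss -ltnp` output; not a real capture.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:18789       0.0.0.0:*         users:(("openclaw",pid=4242,fd=7))
LISTEN 0      128    127.0.0.1:18789     0.0.0.0:*         users:(("openclaw",pid=4243,fd=7))
LISTEN 0      128    [::]:18789          [::]:*            users:(("openclaw",pid=4244,fd=7))
LISTEN 0      4096   127.0.0.1:5432      0.0.0.0:*         users:(("postgres",pid=900,fd=5))
"""

def split_bind(bind: str):
    """Split 'host:port' (IPv6 in brackets) into (host, port-or-None)."""
    host, sep, port = bind.rpartition(":")
    if not sep or not port.isdigit():
        return bind.strip("[]"), None          # no port component (e.g. "0.0.0.0" or "::")
    return host.strip("[]"), int(port)

def exposure(bind: str) -> str:
    """Classify a bind address: 'loopback', 'all-interfaces', 'specific' or 'invalid'."""
    host, _ = split_bind(bind)
    if host in ("", "*"):
        return "all-interfaces"                # ss prints '*' for wildcard binds
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "invalid"
    if addr.is_unspecified:                    # 0.0.0.0 or ::  -> every interface
        return "all-interfaces"
    if addr.is_loopback:                       # 127.0.0.0/8 or ::1 -> local only
        return "loopback"
    return "specific"

def hardened_bind(bind: str) -> str:
    """The corrected setting the report recommends: same port, loopback only."""
    _, port = split_bind(bind)
    return f"127.0.0.1:{port if port is not None else OPENCLAW_PORT}"

# One `ss -ltnp` LISTEN row: state, recv-q, send-q, local addr, peer addr, process column.
SS_LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+(?P<proc>.*)$")
PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')

def find_exposed_listeners(ss_output: str, port: int = OPENCLAW_PORT) -> list:
    """Return every listener on `port`, marking those reachable beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        m = SS_LINE.match(line)
        if not m:
            continue
        local = m.group("local")
        _, lport = split_bind(local)
        if lport != port:
            continue
        status = exposure(local)
        p = PROC_RE.search(m.group("proc"))
        findings.append({
            "local": local,
            "process": p.group("name") if p else None,
            "pid": int(p.group("pid")) if p else None,
            "exposure": status,
            "exposed": status != "loopback",
            "fix": None if status == "loopback" else hardened_bind(local),
        })
    return findings

if __name__ == "__main__":
    for f in find_exposed_listeners(SAMPLE_SS_OUTPUT):
        flag = "EXPOSED " if f["exposed"] else "ok      "
        print(f"{flag}{f['local']:<20} {f['process']}[{f['pid']}]"
              + (f"  -> bind to {f['fix']}" if f["fix"] else ""))
```

On a real host, feed the output of `ss -ltnp` into `find_exposed_listeners` in place of the constructed sample.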

Ryan McCurdy, VP of Marketing, Liquibase:

   “This is what automation at scale looks like when controls lag behind speed. Teams are moving fast but security and governance have to start with safe defaults, tight network exposure, and auditable access. Otherwise, the first misconfiguration becomes a repeatable incident pattern.”

Michael Bell, Founder & CEO, Suzu Labs:

   “135,000 OpenClaw instances are listening on the public internet right now. Most have no authentication. Most are running versions with known RCE vulnerabilities and public exploit code. The platform binds to all network interfaces by default, and the numbers tell you how many users changed that setting.

   “We just saw the same fundamental problem with Claude Desktop Extensions last week. AI agent platforms keep shipping with full system access and no trust boundaries. OpenClaw is what that looks like at scale. 78% of exposed instances haven’t applied the critical patches from January 29. Some are running on infrastructure previously linked to Kimsuky, APT28, and Salt Typhoon. And this isn’t hobbyists in garages. STRIKE found exposed instances in financial services, healthcare, government, and education.

   “A privileged service account with no password on an internet-facing server would get someone fired. An AI agent with the same access level and the same exposure is somehow a feature.”

John Carberry, Solution Sleuth, Xcape, Inc.:

   “The widespread exposure of over 175,000 OpenClaw instances serves as a stark warning about the perils of “vibe-coded” AI agents that prioritize ease of use over fundamental security. By defaulting to a 0.0.0.0:18789 binding, OpenClaw effectively opened the door for the public Internet to engage with potent autonomous agents holding direct access to sensitive API keys and PII.

   “This “convenience-first” approach has generated a vast, automated attack surface, with over 50,000 instances now confirmed vulnerable to Remote Code Execution (RCE). The rapid increase in systems connected to known threat actor IPs, observed within hours of the SecurityScorecard report, indicates that cybercriminals are leveraging the same speed of automation for weaponization as developers used for deployment. What’s particularly alarming is how swiftly AI tools designed for convenience can lead to widespread access and identity breaches when basic safeguards are absent.

   “For security teams, immediate action is imperative: limit network exposure by configuring listening IP Addresses to only those required, revoke and reissue all potentially compromised keys and secrets, scan for misconfigurations using tools like Nuclei or Shodan, scrutinize skill extensions for vulnerabilities, implement Zero Trust principles for AI infrastructure, and operate under the assumption of compromise for systems with default configurations.

   “In the long run, SOC teams must manage AI agents with the same rigor as any other privileged infrastructure, implementing robust default security settings, continuous monitoring, and adherence to the principle of least privilege.

   “If you don’t vibe-code your defaults to localhost, hackers will vibe off your information. In short, don’t use this inherently flawed software.”

Vibe coding is a thing. But based on this, perhaps it shouldn’t be. What are your thoughts? Please leave a comment and share what you think.

Abstract Security Blog: How a single compromised VM can quietly inherit cloud trust and move across Azure w/out touching the network

Posted in Commentary with tags on February 10, 2026 by itnerd

Abstract Security just published a blog this morning: Moving Laterally through Abuse of Managed Identities attached to VMs. The blog was written by Abstract’s ASTRO research organization.

The research describes how to build detection for one type of managed identity abuse. Managed identities are essential to the proper functioning of an Azure environment, which makes monitoring difficult when multiple resources are attached to a single managed identity.

That situation can lead to the abuse of managed identities, and detection may vary depending on the environment. For example, a script might legitimately use a managed identity to access other resources, such as another virtual machine. The detection is therefore a very generalized way of spotting this type of managed identity abuse.
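As an added example (not Abstract’s detection and not Azure’s log schema): a generalized check of the kind described above, run over constructed token-use events. It compares where a managed identity’s token is presented from against an inventory of the resources the identity is attached to, and what it reaches against a baseline of expected resource types, so that a VM-attached identity turning up on another VM stands out. Event fields, the inventory and the baseline are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample token-use events (hypothetical schema; not Azure's own log format
# and not Abstract's detection). Each event: a managed identity presents a token from a
# source VM/IP to a target resource.
SAMPLE_EVENTS = [
    {"ts": "2026-02-10T09:00:00Z", "identity": "mi-backup", "source_vm": "vm-backup-01",
     "source_ip": "10.1.0.4", "target": "st-backups", "target_type": "storage"},
    {"ts": "2026-02-10T09:05:00Z", "identity": "mi-backup", "source_vm": "vm-backup-02",
     "source_ip": "10.1.0.5", "target": "st-backups", "target_type": "storage"},
    # Token for the shared backup identity presented from a VM it is not attached to.
    {"ts": "2026-02-10T09:12:00Z", "identity": "mi-backup", "source_vm": "vm-web-07",
     "source_ip": "10.1.2.9", "target": "st-backups", "target_type": "storage"},
    # A web VM's identity reaching another virtual machine rather than its key vault.
    {"ts": "2026-02-10T09:20:00Z", "identity": "mi-web", "source_vm": "vm-web-07",
     "source_ip": "10.1.2.9", "target": "vm-db-01", "target_type": "vm"},
    {"ts": "2026-02-10T09:25:00Z", "identity": "mi-web", "source_vm": "vm-web-07",
     "source_ip": "10.1.2.9", "target": "kv-web-secrets", "target_type": "keyvault"},
]

# Inventory: which VMs each managed identity is attached to (constructed).
ATTACHMENTS = {
    "mi-backup": {"vm-backup-01", "vm-backup-02"},   # one identity shared by two VMs
    "mi-web": {"vm-web-07"},
}

# Baseline of resource types each identity is expected to reach (constructed).
EXPECTED_TARGET_TYPES = {
    "mi-backup": {"storage"},
    "mi-web": {"keyvault"},
}

def shared_identities(attachments):
    """Identities attached to more than one resource: the case the post calls hard to monitor."""
    return sorted(i for i, vms in attachments.items() if len(vms) > 1)

def detect_identity_abuse(events, attachments, expected_target_types):
    """Generalized checks over token-use events; returns a list of alert dicts."""
    alerts = []
    for e in events:
        ident = e["identity"]
        # Rule 1: the token arrives from a resource the identity is not attached to.
        if e["source_vm"] not in attachments.get(ident, set()):
            alerts.append({"rule": "token-from-unattached-source", "severity": "high",
                           "identity": ident, "source_vm": e["source_vm"],
                           "source_ip": e["source_ip"], "ts": e["ts"]})
        # Rule 2: the identity reaches a resource type outside its baseline (e.g. another VM).
        if e["target_type"] not in expected_target_types.get(ident, set()):
            alerts.append({"rule": "unexpected-target-type", "severity": "medium",
                           "identity": ident, "target": e["target"],
                           "target_type": e["target_type"], "ts": e["ts"]})
    return alerts

def sources_per_identity(events):
    """Distinct (VM, IP) pairs seen per identity; useful for tuning the attachment baseline."""
    seen = defaultdict(set)
    for e in events:
        seen[e["identity"]].add((e["source_vm"], e["source_ip"]))
    return {i: sorted(s) for i, s in seen.items()}

if __name__ == "__main__":
    print("shared identities:", shared_identities(ATTACHMENTS))
    for a in detect_identity_abuse(SAMPLE_EVENTS, ATTACHMENTS, EXPECTED_TARGET_TYPES):
        print(a)
```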

You can read the blog post here: https://www.abstract.security/blog/moving-laterally-through-abuse-of-managed-identities-attached-to-vms

February Patch Tuesday Commentary From Fortra

Posted in Commentary with tags on February 10, 2026 by itnerd

By Tyler Reguly, Associate Director, Security R&D, Fortra

On first pass, this month looks pretty reasonable – 60 CVEs, including one assigned by the Chrome CNA. When you look a little more closely, you start to realize that there is a lot going on here. February can be a bit of a cold, dull month, but Microsoft has decided to heat things up a bit. The good news: there aren’t a lot of CVEs to deal with. The bad news: there’s actually a lot to unpack here.

We can’t ignore the fact that there are 6 actively exploited vulnerabilities included in this month’s patch drop. 10% of this month’s vulnerabilities are listed by Microsoft as exploit detected. That’s a significant portion of them.

There’s some common language in there too, with vulnerabilities impacting Windows Shell (CVE-2026-21510), MSHTML Framework (CVE-2026-21513), and Microsoft Word (CVE-2026-21514) all including the words ‘security feature bypass.’ Similarly, two of these vulnerabilities – CVE-2026-21519 in Desktop Window Manager and CVE-2026-21533 in Windows Remote Desktop Services – both allow elevation of privilege to SYSTEM. The odd vulnerability out in this list is the Windows Remote Access Connection Manager vulnerability (CVE-2026-21525) because it is a local denial of service, something that Microsoft often rejects – refusing to assign CVEs and issue patches for these types of vulnerabilities on a regular basis.

The upside to this many actively exploited vulnerabilities? They are easy to resolve with regular Microsoft patches for Windows and Office and none of them require any post patch configuration steps.

If I’m a CSO this month, I’m less concerned about what my desktop and server security teams are patching and more concerned with my cloud ops teams. Sure, there are a lot of actively exploited vulnerabilities, but the normal patching process will resolve those. The 10 Azure CVEs representing 16.6% of the CVEs released this month are what I would be concerned about. While 3 of these (CVE-2026-21532, CVE-2026-24300, and CVE-2026-24302) are all marked as ‘No Customer Action Required,’ I’d still want to ensure that there was no evidence of issues in my cloud (or cloud adjacent) environments. For the other 7 CVEs, however, I’d hope that my team is looking closely at the variety of fixes that need to be performed to upgrade my environment.

It’s rather amusing to me to watch as we migrate everything to the cloud. With on-prem deployments, the vulnerability resolution process is mature – we know what patches look like, how to find unpatched software, and how to roll out the standard patch to multiple systems. With the cloud, we rely on scripts, full app replacements, and manual configuration to resolve a lot of the vulnerabilities. This puts a lot more pressure on the cloud ops team to fix these as well as the development teams that may be utilizing the related SDKs. This shifts the responsibility for maintaining systems away from traditional vulnerability management programs and may present headaches to CSOs trying to inventory and track the usage of these components in their environments.

Social network for doctors Sermo breached by ransomware attack

Posted in Commentary with tags on February 10, 2026 by itnerd

Comparitech is reporting that Sermo, a social network for doctors, yesterday confirmed it notified 2,674 people of a March 2024 data breach that leaked Social Security numbers.

Rebecca Moody, Head of Data Research, commented: 

“There are two concerning elements to this breach — first, the lengthy delay in notifying those involved in the initial breach from March 2024, and second, the fact that another ransomware gang claimed an attack on the organization nearly a year later. Medusa, the gang behind the second claim, isn’t known for making false claims, so we could likely see a further notification for this attack if users’ or employees’ data was breached. 

I would highly recommend that any user or employee of Sermo, whether they’re part of the 2024 breach or not, be on high alert for any suspicious activity (checking back through historic activity and monitoring things going forward) and take up some form of identity theft protection/monitoring.”

Well, this sucks, because it took a really long time for this to come to light. Nothing good will happen because of that. Let that be a lesson to those in a similar position.

OVHcloud unveils Bare Metal 2026 line-up powered by the latest AMD processors

Posted in Commentary with tags on February 10, 2026 by itnerd

In a context where organizations have to juggle unprecedented volumes of data and run ever more heterogeneous tasks while keeping control of their costs and environmental impact, OVHcloud, a global cloud player and the European cloud leader, unveils its new Bare Metal 2026 generation of dedicated servers.

The new line-up is built around the latest AMD Ryzen and AMD EPYC processors and is designed to offer cost-effective power while providing unparalleled resiliency, enabling organisations of all sizes to address use cases including machine learning, blockchain, large-scale virtualization or hosting of online games.

Bare Metal 2026 serving digital transformation of businesses
With organisations accelerating their digital transformation, use cases abound: databases, virtualization, containerization, etc. As a result, OVHcloud offers a robust and durable Bare Metal platform for organisations that constantly need to adapt while making the most of their budgets thanks to cost predictability.

Addressing those challenges requires processors with high core counts to handle unprecedented numbers of tasks in parallel, high-speed DDR5 memory, a vast choice of rapid storage, and a performance-per-watt ratio that optimises the infrastructure’s sustainability footprint.

The Bare Metal 2026 line-up also benefits from a network connection with unlimited traffic, designed for modern architectures: unlimited guaranteed public bandwidth ranging from 1 to 5 Gbit/s depending on the model, and private bandwidth of up to 50 Gbit/s, ideal for clusters, virtualization or distributed environments.

The complete Bare Metal 2026 line-up includes:

  • Rise 2026: These new generation versatile servers are the perfect match for intensive workloads, web environments and light virtualization business needs. They boast AMD Ryzen or EPYC x86 processors built on the Zen 5 microarchitecture. Available now in Europe and Canada.
  • Game 2026: Designed to host online video game sessions, the Game 2026 servers handle virtual machines ideal for gaming environments and offer resiliency with OVHcloud’s built-in Anti-DDoS solution. Leveraging AMD Ryzen 9000 X3D series x86 processors operating at high frequencies, this range provides Level 3 cache memory that helps keep latencies low for a smooth gaming experience. Available now in Europe, Canada and The United States.
  • Advance 2026: Supporting validation nodes and other blockchain system components, Advance 2026 servers are equally adapted for hosting, database management or cluster deployment of high-performance containers. They are powered by AMD EPYC 4005 x86 processors with up to 16 cores/32 threads with DDR5 ECC memory. They benefit from a 99.95% SLA and are available now in Europe, Canada, The United States and APAC.
  • Scale 2026: Designed for the most demanding use cases including big data, analytics or high-performance computing, the Scale 2026 range supports AMD SEV technology for confidential computing workloads. Tailored for the most ambitious projects and available for deployment in 3-AZ configurations answering resiliency requirements, Scale 2026 servers are built around AMD EPYC 9005 series x86 processors, with up to 384 cores/768 threads (dual socket) and up to 3 TB of DDR5 ECC memory. Storage options can be configured with up to 92 TB of NVMe drives. Scale 2026 servers are available now in Europe, Canada, The United States and APAC.

Sustainability and data protection
Bare Metal 2026 dedicated servers benefit from OVHcloud’s proven infrastructure expertise, delivered from energy-efficient data centers thanks to the Group’s responsible model leveraging watercooling. Data security and protection are backed by internationally recognized standards, including ISO27001 certification, and by a strong European approach to data sovereignty, helping customers maintain control over where their data is stored and how it is accessed.

Learn more about OVHcloud Bare Metal 2026 servers

Nikon Introduces the ACTION and ACTION ZOOM Binoculars 

Posted in Commentary with tags on February 10, 2026 by itnerd

Nikon Vision Co., Ltd., (Nikon Vision), a subsidiary of Nikon Corporation (Nikon), has announced the introduction of the new ACTION and ACTION ZOOM binocular series. Whether birding, hiking or spotting the scenery, these new binoculars give users an affordable option for incredible clarity at a variety of distances.

The new ACTION series succeeds the popular and highly acclaimed ACULON A211 binoculars, the standard Porro prism models in Nikon’s binocular lineup. The ACTION and ACTION ZOOM series consist of seven models: 8×42, 10×42, 7×50, 10×50, 12×50, 16×50 and 10-22×50. All models feature newly developed optical systems as well as new exterior designs, giving users improved handling, usability and optical performance compared to the previous models.

The 10×42, 12×50, and 16×50 models provide an apparent field of view of 60 degrees or more, qualifying them as wide field of view models. Eye relief has also been extended for most of the models in the series (except the 16×50 model), offering long eye relief of 15mm or more — ensuring comfortable viewing even while wearing eyeglasses or sunglasses.

Regarding the exterior design, the new series adopts an ergonomic form that provides excellent operability and a secure, comfortable grip. The binocular body employs aluminum alloy and is encased in rubber armour that ensures a secure grip and comfortable handling, realizing high durability which users can confidently rely on.

In addition, the ACTION Series offers improved specifications in a wide-ranging lineup of models, with attractive pricing. This makes the ACTION and ACTION ZOOM series models an ideal choice for both those who are new to binoculars, as well as experienced users seeking reliable performance.

Key Features of the ACTION Series:

  • Ergonomic design for excellent handling and a secure grip
  • Multilayer-coated lenses and large objective lens diameter for delivering bright, clear images
  • Rubber armouring for shock resistance and a firm, comfortable grip
  • Aluminum alloy body employed for enhanced durability
  • Long eye relief design ensures a clear field of view, even for eyeglass wearers (except 16×50)
  • Turn-and-slide rubber eyecups with multi-click facilitate easy positioning of eyes at the correct eyepoint (except 10-22×50)
  • Wide apparent field of view (61.4° for 10×42, 60.8° for 12×50, 60.8° for 16×50)
  • Smooth zoom function via the zoom lever (10-22×50 only)
  • Compatible with a tripod using optional tripod adapter (TRA-2 and TRA-3)

Price and Availability

The new Nikon ACTION series of binoculars will be available in early March 2026 at the following Manufacturer’s Suggested Retail Price (MSRP): ACTION 8×42 – $149.95, ACTION 10×42 – $159.95, ACTION 7×50 – $169.95, ACTION 10×50 – $184.95, ACTION 12×50 – $189.95, ACTION 16×50 – $214.95, ACTION ZOOM 10-22×50 – $259.95.

For more information about current Nikon products, please visit www.nikon.ca

Specifications:

| Model | ACTION 8×42 | ACTION 10×42 | ACTION 7×50 | ACTION 10×50 | ACTION 12×50 | ACTION 16×50 | ACTION ZOOM 10-22×50 |
|---|---|---|---|---|---|---|---|
| Magnification (×) | 8 | 10 | 7 | 10 | 12 | 16 | 10-22 |
| Effective diameter of objective lens (mm) | 42 | 42 | 50 | 50 | 50 | 50 | 50 |
| Angular field of view (real) (˚) | 8 | 6.8 | 6.4 | 6.4 | 5.6 | 4.2 | 3.9*2 |
| Angular field of view (apparent) (˚)*1 | 58.4 | 61.4 | 42.7 | 58.4 | 60.8 | 60.8 | 37.6*2 |
| Eye relief (mm) | 17.3 | 16.1 | 19.6 | 17.3 | 16.1 | 13 | 16.3*2 |
| Length (mm/in.) | 149/5.9 | 149/5.9 | 193/7.6 | 185/7.3 | 185/7.3 | 185/7.3 | 202/8.0 |
| Width (mm/in.) | 193/7.6 | 193/7.6 | 200/7.9 | 200/7.9 | 200/7.9 | 200/7.9 | 200/7.9 |
| Depth (mm/in.) | 59/2.3 | 59/2.3 | 66/2.6 | 66/2.6 | 66/2.6 | 66/2.6 | 66/2.6 |
| Weight (g/oz.) | 790/27.9 | 790/27.9 | 935/33.0 | 935/33.0 | 945/33.3 | 940/33.2 | 950/33.5 |

Guest Post: From “admin” to “admin1” — why hackers love minor tweaks in your login credentials

Posted in Commentary with tags on February 10, 2026 by itnerd

A new analysis reveals that a common habit of making small tweaks to existing passwords — such as adding a number or changing a symbol in an existing password, instead of creating a unique one — is a massive security risk that hackers easily exploit. Despite company policies and security training, this widespread practice of using near-identical passwords remains one of the biggest, most underestimated threats, cybersecurity experts warn.

This risky behaviour is indeed widespread. NordPass’ password reuse survey reveals that 62% of Americans, 60% of Brits, and 50% of Germans reuse passwords across multiple online accounts. On average, people reuse passwords for about five accounts, with one-fifth admitting to reusing them for 10 or more accounts. 

“This risky habit, affecting nearly three in five users, creates a domino effect of vulnerability, where a single compromised password can unlock an entire digital life,” says Karolis Arbaciauskas, head of product at NordPass.

Adding a letter, a number, or a symbol

According to the survey data, 68% of Americans who reuse passwords make at least some changes before reusing them. The same is true for 62% of Brits and 61% of Germans. The most common change is adding or changing a number, symbol, or letter.

“Such a lax approach to security can result in stolen data or an emptied bank account, and a lot of anxiety,” says Arbaciauskas. “However, I must agree that, in terms of sheer damage that a threat actor could do, this practice is an especially dangerous phenomenon in the corporate environment. Because it technically does not violate most password policies, and it often stays unnoticed by administrators. This way, it can become an entry point for threat actors, who would gladly extort or blackmail the company.”

Most common variations 

In the “Top 200 most common passwords 2025” list, researchers found 119 nearly identical passwords, which were divided into seven approximate groups:

  • Sequential number variations. Examples: 12345, 123456, 1234567, 987654321.
  • “Admin” variations. Examples: admin, Admin, adminadmin, admin123.
  • “Password” variations. Examples: password, Password1, p@ssw0rd, Passw0rd.
  • Keyboard pattern variations. Examples: qwerty, qwerty123, abcd1234, Abcd@1234.
  • Repetitive pattern variations. Examples: 11111111, 111111111, aa112233, aabb1122.
  • Common word variations. Examples: welcome, Welcome1, test123, Test@123.
  • Prefix/suffix variations. Examples: a123456, Aa123456, Aa@123456, 12345678a.

The most numerous groups are sequential number variations, keyboard pattern variations, and repetitive pattern variations.

“This is just a rough breakdown, based on variations of the same passwords. However, in principle, all 200 passwords can be placed into certain predictable categories. For example, when compiling the list itself, we noticed that popular names and surnames, place names, swear words, brand names and equivalents of the word ‘password’ in various languages, are often used as passwords. Often with added numbers or special characters. Those passwords feel unique, but are all predictable patterns. Threat actors know this, and the automated hacking tools they use, most certainly can apply common transformations, such as adding or changing characters, and incrementing numbers,” says Arbaciauskas.

Why do people reuse passwords?

A third of internet users who reuse passwords say they do it because they have too many accounts to manage different passwords for each one. About 25% say that they find it inconvenient to create and manage unique passwords. 

“People reuse passwords because it’s easier that way. Between work tools, financial apps, subscriptions, social networks, online shopping, and gaming, the number of accounts adds up quickly. The average person has around 170 passwords. Remembering unique passwords for all of them isn’t realistic. But it is worrying that, despite repeated warnings, about 10% of respondents still don’t think there’s a significant risk in reusing passwords. This mindset is a disaster waiting to happen. Threat actors could gain access to all your accounts, your identity could be stolen, and your credit card — maxed out, or a loan could be taken out in your name. In a corporate setting, this behaviour could cost millions, if you let ransomware in,” says Arbaciauskas.

Password safety tips

According to Arbaciauskas, a few general rules can greatly improve digital hygiene and help avoid falling victim to cyberattacks due to ineffective password management:

  • Security training. Many companies are already doing this. Although this doesn’t always work — sometimes even cybersecurity professionals get fooled — training bears fruit. Companies that run regular security workshops experience fewer cases of reused credentials, and employees often use this knowledge in personal life.
  • Password policies and technologies. Companies should have robust password policies. Ideally, the company’s system would automatically compare newly created passwords with those already leaked on the dark web and prevent the creation of one that is the same or very similar to the one already leaked. It’s best to use password generators for both personal and work accounts.
  • Multi‑factor authentication (MFA). So far, this is the most reliable and convenient way to provide additional protection for business and personal accounts. MFA, which requires you to provide a one-time code when logging in, can stop account takeover even when the threat actors have your password.
  • Password manager. It can help you generate, store, manage, and safely share passwords. A password manager removes the need to rely on memory altogether. Instead of trying to come up with something clever or easy to remember it creates long, random passwords that don’t follow patterns. And you don’t need to remember them — just autofill or copy paste.
  • Consider passkeys. A passkey pairs public‑key cryptography with device biometrics, so there’s nothing to type, nothing to forget, and nothing to reuse. Although adoption is somewhat slower than expected, many major platforms already support them. Where passkeys are unavailable, turn on MFA.
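As an added example (not from NordPass or the article): a policy check of the kind the “Password policies and technologies” tip describes, which normalizes the transformations the variation groups above list (case, leet substitutions, appended or prepended digits and symbols, repetition) and rejects a new password that is near-identical to a previous one or to an entry in a leaked-password feed. The leaked list, the substitution table and the similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Character substitutions that only look like they add entropy (constructed table).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def normalize(pw: str) -> str:
    """Collapse case, leet substitutions and added prefix/suffix digits or symbols."""
    s = pw.lower()
    if not re.search(r"[a-z]", s):
        return s                                  # all digits/symbols (e.g. 123456): keep as-is
    s = re.sub(r"^[^a-z]+|[^a-z]+$", "", s)       # drop leading/trailing runs like "@123" or "1"
    return s.translate(LEET)                      # p@ssw0rd -> password

def _is_repetition(short: str, long: str) -> bool:
    """admin -> adminadmin style doubling."""
    return (len(long) > len(short) and len(long) % len(short) == 0
            and long == short * (len(long) // len(short)))

def is_variation(candidate: str, previous: str, threshold: float = 0.8) -> bool:
    """True when `candidate` equals `previous` after normalization, repeats it,
    or is within the similarity threshold of it (constructed cutoff)."""
    a, b = normalize(candidate), normalize(previous)
    if not a or not b:
        return False
    if a == b or _is_repetition(a, b) or _is_repetition(b, a):
        return True
    return SequenceMatcher(None, candidate.lower(), previous.lower()).ratio() >= threshold

# Constructed stand-in for a leaked-password feed, using entries the article's groups name.
LEAKED = ["123456", "admin", "password", "qwerty", "welcome", "test123", "11111111"]

def check_new_password(candidate: str, history, leaked=LEAKED):
    """Policy check: reject near-identical reuse of the user's own prior passwords
    or of anything in the leaked feed. Returns (accepted, reason)."""
    for old in history:
        if is_variation(candidate, old):
            return False, "near-identical to a previous password"
    for pw in leaked:
        if is_variation(candidate, pw):
            return False, f"near-identical to a known-leaked password ({pw})"
    return True, "ok"

if __name__ == "__main__":
    for pw in ["Summer2025!", "Welcome1", "P@ssw0rd1", "tG7#qLm2vX9!pR4s"]:
        print(pw, check_new_password(pw, history=["Summer2024!"]))
```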

ZeroDrift Emerges From Stealth With a16z speedrun Backing to Make Every Enterprise Communication Compliant in the AI Era

Posted in Commentary with tags on February 10, 2026 by itnerd

In regulated industries, speed has become a competitive advantage, but compliance remains a structural brake. Teams want to launch campaigns, communicate with clients, and deploy AI-driven tools, yet every message must pass through manual review. The result is weeks of delay, lost momentum, and teams avoiding written communication altogether. ZeroDrift was built to change that. Today, the company announced its launch from stealth alongside a $2 million pre-seed round to automate compliance in real time, unlocking business velocity while giving compliance teams infrastructure to scale oversight.

The pre-seed round was led by a16z speedrun and brings ZeroDrift’s total funding to $2 million. The capital will support the company’s go-to-market launch, product expansion across communication channels, and continued development of its AI-driven compliance engine.

The timing reflects a growing tension across financial services and other regulated industries. Firms are under pressure to move faster, scale digital outreach, and adopt AI, while regulatory requirements continue to demand strict oversight of every external communication. Traditional compliance models rely on manual redlines, approval queues, and post-hoc sampling. These processes were built for a different era and cannot scale with today’s communication volume, leaving compliance teams stretched thin and business teams waiting. ZeroDrift takes a fundamentally different approach by shifting compliance from a gate at the end of the process into an automated guardrail that operates in real time.

ZeroDrift is an AI-native communication firewall that validates and fixes content before it is sent, giving compliance teams control at scale and business teams the speed to execute. The platform encodes SEC, FINRA, and firm-specific policies into machine-readable rulepacks, then enforces them at the point of creation. ZeroDrift integrates directly into tools teams already use, including email, browsers, CRMs, websites, social platforms, and AI systems. Content is checked instantly, issues are flagged with suggested fixes, and compliant messages move forward without delay. Compliance teams retain full visibility through centralized dashboards, audit trails, and exam-ready evidence generated automatically.

The idea for ZeroDrift came from founder Kumesh Aroomoogan’s experience building Accern (one of the first no-code AI platforms for financial services), which he exited by acquisition in 2025. He repeatedly saw legal and compliance reviews stall launches and drain momentum. He also noticed a more subtle shift, where people preferred phone calls over emails because they were unsure whether what they were writing was compliant. Compliance was not only slow, it was changing how people communicated. 

ZeroDrift was created to solve that problem by giving teams certainty in real time.

ZeroDrift is launching initially in financial services, serving registered investment advisors, asset managers, broker-dealers, and wealth platforms. The market includes more than 15,000 RIAs, 3,500 asset managers, and hundreds of thousands of registered representatives in the United States alone. Early use cases include faster campaign launches, higher sales velocity, safe deployment of client-facing AI, and instant exam readiness without last-minute scrambles.

The broader shift toward AI and multi-channel communication is intensifying the problem ZeroDrift addresses. Firms now communicate across email, websites, social platforms, client portals, and AI assistants, each with its own compliance requirements. Manual review does not scale across this landscape, and hiring more compliance staff is neither economical nor effective. As communication volume increases, the firms that succeed will be those that automate governance rather than rely on human bottlenecks.

Looking ahead, ZeroDrift plans to deepen its coverage across financial services before expanding its rule-based compliance engine into other regulated sectors, including insurance, healthcare, ESG disclosures, and AI governance. The long-term vision is to become the universal trust layer for any system that communicates, ensuring that as AI and automation scale, trust, safety, and compliance scale with them.