In August 2025, @_whoisnt and I documented how Stark Industries evaded EU sanctions.
This week, Dutch authorities arrested two individuals and seized hundreds of servers linked to WorkTitans BV in an investigation into sanctions evasion. https://t.co/19jlirWWsY
New from @RecordedFuture!
@_whoisnt and I break down Threat Activity Enablers (TAEs), the often overlooked backbone of modern cyber operations.
🔗https://t.co/swOchKVPwJ
Threat actors are increasingly abusing Legitimate Internet Services (LIS) like Cloudflare, Google Drive, and Telegram to hide in plain sight. It’s a structural challenge for every network defender. 5/6
Noticed Microsoft Defender tagging #TheVoidStealer as #WallStealer thanks to some recent @abuse_ch uploads. Here’s the threat actor nikoniko (aka “TheVoidStl”) discussing the removal of multiple detections, including WallStealer.
CVE-2026-25253
⚠️ OpenClaw (Moltbot / Clawdbot) – 1-Click RCE via Token Exfiltration
A high-severity vulnerability (CVSS 8.8) has been disclosed in OpenClaw allowing remote code execution with a single click.
The flaw is a logic issue where the Control UI blindly trusts a gatewayUrl supplied via query string and auto-connects over WebSocket, leaking the stored gateway token to attacker-controlled infrastructure.
By abusing cross-site WebSocket hijacking and privileged operator scopes, attackers can disable safety approvals, escape the container, and execute arbitrary commands directly on the host even when the gateway is bound to localhost only.
Modat previously identified exposed Clawdbot/Moltbot control panels, with numbers now even higher. You can read the full blog here https://t.co/Aaq8YCPDGB
Fixed in: v2026.1.29
Action: Patch immediately and rotate gateway tokens.
Modat Magnify Query: web.title~"Clawdbot Control" OR web.title~"OpenClaw Control" OR web.title~"Moltbot Control"
The platform: https://t.co/qJfEh7giE9
#threatintel #vulnerability #CVE202625253 #OpenClaw #Moltbot #Clawdbot #RCE #AIsecurity #infosec #ModatMagnify
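The failure described in this post is a UI that auto-connects to whatever gatewayUrl the query string names and then presents a stored credential to it. The following is an added illustration and not OpenClaw's code or its fix: a same-origin check a control UI can apply before opening a WebSocket with a stored token, falling back to the page's own origin when the supplied value fails. The function names and the policy (same host as the page, ws: for an http: page and wss: for an https: page, no embedded credentials) are assumptions made for the example.

```javascript
// Added example (not OpenClaw code): validate an untrusted gateway URL
// before auto-connecting a WebSocket that will carry a stored token.
// Assumed policy: only the origin that served the page may be auto-connected.

const ALLOWED_SCHEMES = new Set(["ws:", "wss:"]);

// Returns the normalized URL string if it passes the policy, otherwise null.
function validateGatewayUrl(candidate, pageOrigin) {
  let url, page;
  try {
    url = new URL(candidate);      // throws on malformed or relative input
    page = new URL(pageOrigin);
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;      // javascript:, http:, ...
  const expectedScheme = page.protocol === "https:" ? "wss:" : "ws:";
  if (url.protocol !== expectedScheme) return null;          // no scheme downgrade/mismatch
  if (url.host !== page.host) return null;                   // host includes the port
  if (url.username || url.password) return null;             // reject user@host tricks
  return url.toString();
}

// Resolve the gateway URL for this page load. `search` is location.search;
// `pageOrigin` is location.origin. Source tells the caller why the value was chosen.
function resolveGatewayUrl(search, pageOrigin) {
  const page = new URL(pageOrigin);
  const fallback = (page.protocol === "https:" ? "wss://" : "ws://") + page.host + "/ws";
  const supplied = new URLSearchParams(search).get("gatewayUrl");
  if (supplied === null) return { url: fallback, source: "default" };
  const validated = validateGatewayUrl(supplied, pageOrigin);
  if (validated === null) return { url: fallback, source: "rejected" };
  return { url: validated, source: "query" };
}

// Constructed sample inputs: a local control panel and a foreign gatewayUrl.
const SAMPLE_ORIGIN = "http://127.0.0.1:18789";
const SAMPLE_SEARCH = "?gatewayUrl=ws%3A%2F%2Fgateway.example%2Fws";
console.log(resolveGatewayUrl(SAMPLE_SEARCH, SAMPLE_ORIGIN));
// { url: 'ws://127.0.0.1:18789/ws', source: 'rejected' }
```

A "rejected" result is worth logging on the client and, if the UI reports telemetry, surfacing to the operator: a page load that arrives with a foreign gatewayUrl is exactly the condition a defender wants to see. Whether a validated query value should still require an explicit user confirmation before the token is sent is a separate policy choice that this check does not make.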
New Modat Magnify updates are live.
• Time-based filtering
• Unified IP detail view
• Certificate validity filtering (expired, not yet valid, abnormal lifetimes)
• CN wildcard & partial matching
• Issuer Alternative Name (IAN) search
• Empty field search with field=""
• TLS version filtering
• Banner hex search
• New Tags: VPN and PQC over SSH
Built for faster, more precise infrastructure investigations.
Explore the new features inside the platform:
https://t.co/qJfEh7giE9
Use YARA for threat hunting?
.@theidr0p created a tool for automated YARA rule creation based on the Cert Graveyard.
Automatically checks for updates to the database and generates rules.
The art is theirs. Amazing.
See link in thread for details
From 2020-2024, I tracked the SolarMarker malware, and in 2024, monitored a self-infection for months to learn their actions-on-objectives: on-device fraud.
I didn't publish the details of my months-long investigation until now. Check the link in the attached comment.
A Ukrainian national has been federally charged with participating in dozens of cyberattacks and computer intrusions against critical infrastructure and other victims around the world, in support of Russia’s geopolitical interests, the Justice Department announced today.
The two indictments against Victoria Eduardovna Dubranova, 33, a.k.a. “Vika,” a.k.a. “Tory,” a.k.a. “SovaSonya,” were unsealed today in United States District Court in Los Angeles. Dubranova was extradited to the United States earlier this year on an indictment charging her for her actions supporting CyberArmyofRussia_Reborn (CARR).
Dubranova was arraigned today on a second indictment charging her for her actions supporting NoName057(16) (NoName). Dubranova has pleaded not guilty in both cases. Dubranova pleaded not guilty today at her arraignment and a February 3, 2026 trial date was scheduled in that case.
As described in the indictments, the Russian government backed CARR and NoName by providing, among other things, financial support. CARR used this financial support to access various cybercriminal services, including subscriptions to distributed denial of service-for-hire services. NoName was a state-sanctioned project administered in part by an information technology organization established by order of the President of Russia in October 2018 that developed, along with other co-conspirators, NoName’s proprietary distributed denial of service (DDoS) program.
Details: https://t.co/9FEgalQ0l3
New coordinated reporting from @googlecloud, @AmnestyTech, @RecordedFuture, and @haaretzcom / @insidestory_gr, built on leaked Intellexa material and technical findings, outlines Intellexa’s exploits, corporate structure, and continued activity despite U.S. sanctions. 👇 1/
Cyber Monday Deal: Get 6 months of Modat Magnify Pro for just €5 total (save €355).
Use code: MODAT2025CYBERMONDAY
Try the platform. Run advanced queries. Find what others miss.
https://t.co/0WNqTHqKre
#CyberMonday #Cybersecurity #OSINT
🆕 ICYMI: The @CuratedIntel LinkedIn account is now doing weekly roundup posts based on the members’ latest content:
Week 2. https://t.co/GRAnxn99F5
Week 1. https://t.co/qDuRgdb19P
1/ United States, Australia, and United Kingdom sanction Russian threat activity enabler Media Land (Yalishanda) and follow up on recent designations targeting Aeza. https://t.co/IvREWnW2QN