Ahmed Iyad (Evie's Daddy)

⚠️Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access Source: https://t.co/2a2EwBz82h Five zero-day flaws in OpenClaw allowed attackers to bypass trust boundaries and hijack AI agent access across multiple messaging platforms. OpenClaw, which integrates AI agents with services such as Slack, Discord, Microsoft Teams, Matrix, and Telegram, relies heavily on user-defined allowlists to determine who can interact with an agent. This trust model assumes that only explicitly approved identities can issue commands to agents that may have access to sensitive data, internal APIs, or system-level execution capabilities. The vulnerabilities stem from a recurring design flaw in which human-readable identifiers, such as display names, are resolved to stable user IDs during service initialization. #cybersecuritynews

🚨 Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device Control Source: https://t.co/qMw4J9lSi1 A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction. The flaw, tracked as CVE-2025-48595, was highlighted in the June 2026 Android Security Bulletin, where Google confirmed limited real-world exploitation. The vulnerability resides in the Android Framework component and is a high-severity elevation-of-privilege (EoP) issue. Under certain conditions, attackers can exploit the flaw remotely to escalate privileges without requiring additional execution permissions. #cybersecuritynews #Vulnerability #Android

❗️ Over 30 official Red Hat npm packages were compromised. How they got in: - A Red Hat employee's GitHub account was compromised. - Attackers pushed "orphan commits" (detached from branch history) straight in, bypassing code review with no pull request. - Payload "Miasma" (Mini Shai-Hulud variant) steals GitHub/cloud/Vault/SSH/npm secrets. Rotate everything since June 1. - The commits added a workflow (ci.yaml) + script (_index.js) that abused npm trusted publishing, requesting a real OIDC token to publish backdoored versions.

APPLE JUST GOT HUMILIATED BY AN $8 JACKET BADGE A random Japanese maker saw Apple's $3,499 Vision Pro Persona and decided to build the same thing for the price of a pizza. Same real-time face mirroring. Same natural expressions and blinks. Same low latency reaction when you smile. Apple needed a full headset with M2 chip, R1 processor, 12 cameras and LiDAR. He did it with one ESP32, a tiny camera and MediaPipe running 468 landmarks on-device. Total cost: eight dollars. This is what happens when one weekend hacker destroys a billion-dollar feature in a jacket pin. The hardware moat just evaporated. Full system in the video below.

⚠️ WhatsApp Chat Histories Stored Unencrypted on macOS and iOS Source: https://t.co/81kaKGR6V6 New research has revealed that WhatsApp chat histories may be stored unencrypted on both macOS and iOS devices, raising fresh concerns about local data protection and cross-application access within the Apple ecosystem. While WhatsApp uses strong end-to-end encryption (E2EE) to secure messages in transit, this protection does not extend to how data is stored locally once the user accesses it. The issue affects both iOS devices and macOS systems running WhatsApp, particularly where shared app containers are utilized. On macOS, where file system access is more flexible, the risk may be more pronounced if endpoint security controls are weak. #cybersecuritynews #WhatsApp

‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you. The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads. The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate. Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.

‼️🚨 The official JDownloader website was breached, attackers swapped the Windows and Linux installers with malware for over a day before anyone noticed. JDownloader is a popular download manager with millions of users on Windows, macOS, and Linux. Timeline: ▪️ May 5, 23:55 UTC: attacker tests the method on a dummy page. ▪️ May 6, 00:01 UTC: real attack goes live. Alternative download links for Windows and Linux are replaced with malicious installers. ▪️ May 7: a Reddit user notices Windows SmartScreen flagging the installer with a strange publisher ("Zipline LLC", "The Water Team", "Peace Team") instead of "AppWork GmbH". ▪️ Hours later, the JDownloader dev team confirms the breach and takes the site offline. How they got in: an unpatched vulnerability let attackers modify the website's access control list (ACL), give themselves edit rights, and swap the download links. No further details on the bug have been shared. What's compromised: ▪️ Windows installer (alternative download links). ▪️ Linux shell installer (alternative download links). What's safe: ▪️ macOS installers (still validly signed). ▪️ The core JDownloader.jar file. ▪️ Flatpak, Winget, and Snap packages (separate infra, sha256 checksums unchanged). ▪️ In-app auto-updates (separate servers, end-to-end signed). If you downloaded JDownloader from the website between May 6 and May 7, treat your machine as compromised. This is the third trusted-software website breach in recent weeks, after Daemon Tools and CPU-Z / HWMonitor.