Posts

Showing posts with the label AI Security

UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours

A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim's cloud environment within a span of 72 hours. The attack started with the theft of a developer's GitHub token, which the threat actor then used to gain unauthorized access to the cloud and steal data. "The threat actor, UNC6426, then used this access to abuse the GitHub-to-AWS OpenID Connect (OIDC) trust and create a new administrator role in the cloud environment," Google said in its Cloud Threat Horizons Report for H1 2026. "They abused this role to exfiltrate files from the client's Amazon Web Services (AWS) Simple Storage Service (S3) buckets and performed data destruction in their production cloud environments." The supply chain attack targeting the nx npm package took place in August 2025, when unknown threat actors exploited a vulnerable pull_request_target workflow – a...

OpenClaw: The AI Agent Security Crisis Unfolding Right Now

The OpenClaw Phenomenon

OpenClaw (previously known as Clawdbot and Moltbot after trademark disputes) is an open-source AI agent created by developer Peter Steinberger. Unlike traditional AI assistants that just answer questions, OpenClaw is autonomous. It can execute shell commands, read and write files, browse the web, send emails, manage calendars, and take actions across your digital life. Users interact with OpenClaw through messaging platforms like WhatsApp, Slack, Telegram, Discord, and iMessage. The agent runs locally and connects to large language models like Claude or GPT. Its "persistent memory" feature means it remembers context across sessions, learning your preferences and habits over time. The appeal is clear: an AI assistant that takes action on your behalf. People are buying dedicated hardware just to run OpenClaw around the clock. However, that capability comes with serious consequences, and it didn't take long for them to surface.

A Cascade of Security...