CyberSecurity Knuggets
Feb 04, 2026
Subject: Hot new social network Moltbook exposed 1+ million credentials
Sender: info@metacurity.comD
Summary:
– Researchers at Wiz uncovered a major security flaw in the AI-powered social network Moltbook—a Reddit-like platform for AI agents.
– The flaw exposed private messages between agents, over 6,000 owners’ email addresses, and more than 1 million credentials.
– Moltbook had rapid growth but lacked basic security measures due to “vibe coding” that sacrifices security for speed.
– The vulnerability was fixed promptly after disclosure.
– Other cybersecurity news includes Chinese state-sponsored threat actors hijacking Notepad++ updates, Russia’s legislature enabling government shutdowns of communications networks, ICE’s use of facial recognition over 1.2B images, and Mountain View disabling license plate cameras after privacy violations.
– Additional insights on phishing using PDFs, GlassWorm malware targeting macOS developers, and Instagram private profile leaks.
– Mozilla will add Firefox AI controls letting users block or selectively allow AI enhancements.
– NationStates game suffered a security breach via RCE exploit impacting user data.
– APT28 launched a Microsoft Office zero-day campaign targeting Eastern Europe.
– Hong Kong saw a 21% rise in data breach reports, mainly hacking.
– Cybercriminals attacking an Antwerp high school escalated extortion to parents.
– U.S. election cybersecurity funding concerns from Congress.
– Jeffrey Epstein sought hacker contacts linked to LulzSec members.
Key takeaways:
– AI social networks like Moltbook are vulnerable to vast credential leakage if not properly secured.
– Nation-state actors increasingly exploit software supply chains and zero-days for espionage.
– Government policies on communications shutdowns and surveillance raise privacy concerns.
– Major organizations and developers must stay vigilant about supply chain and API security.
Subject: Secure AI-Driven Development from First Prompt to Final Fixs
Sender: news@securityweek.comD
Summary:
– New agent communication protocols MCP and A2A are transforming AI application development.
– Gartner predicts by 2028, AI agents will consume most APIs instead of humans.
– These protocols increase API usage, not replace them.
– Software engineering leaders should focus on creating “agentic experiences” for APIs with streamlined access and precise documentation.
– Critical security measures like rate limiting and access management are essential for APIs used by AI agents.
– The content is promoted via a SecurityWeek whitepaper download and webinars on secure AI development.
Subject: French police raid X’s Paris offices | The CyberWire 2.3.26s
Sender: editor@newsletter.n2k.comD
Summary:
– French prosecutors raided the offices of social media platform X in Paris related to investigations over the AI tool Grok.
– The inquiry involves allegations of interference with automated data systems and fraudulent data extraction.
– The probe expanded to investigate Grok’s generation of sexually explicit underage deepfakes and Holocaust denial content.
– Elon Musk and former CEO Linda Yaccarino are summoned for voluntary interviews.
– The UK’s Information Commissioner’s Office launched a formal investigation into X and xAI over harmful AI-generated content.
– Separately, Moltbook’s database was exposed with 1.5 million API tokens and 35,000 emails; the platform allows millions of AI agents operated by humans with minimal verification.
– Coveware warns that Nitrogen ransomware’s ESXi variant is undecryptable due to a cryptographic flaw, making ransom payment ineffective for victims.
– Sponsored content promotes RSA Conference 2026 Cybersecurity event.
Subject: Critical React Native Vulnerability Exploited in the Wilds
Sender: news@securityweek.comD
Summary:
– Russia-affiliated APT28 rapidly weaponized a newly patched Microsoft Office vulnerability.
– Hackers leaked 5.1 million Panera Bread customer records.
– Vulnerabilities allow hijacking of OpenClaw AI assistant.
– Critical React Native zero-day vulnerabilities are actively exploited.
– Funding rounds announced: RapidFort raised $42M for software supply chain security automation, Kasada raised $20M for anti-bot expansion, RADICL raised $31M for virtual SOC.
– Default ICS credentials exploited in a destructive attack on Polish energy infrastructure.
– Articles and whitepapers provided on securing AI-native apps and cybersecurity best practices.
– Coverage on supply chain attacks such as eScan Antivirus malware delivery and Notepad++ supply chain hack by China.
– Updates on Microsoft disabling NTLM and global cybersecurity cooperation initiatives.
– The email rounds out with multiple sponsored and virtual event promotions.
These summaries are distilled from the provided comprehensive cybersecurity newsletter text focusing on key incidents, vulnerabilities, and developments in AI security, ransomware, state-sponsored attacks, and regulatory/legal issues reported in early February 2026.
Stay Well!
