4 Bugs That Break Everything 🦞 + Grafana Hit by Code Theft & Extortion

Two major security stories broke today that every business relying on AI tools or open-source infrastructure should know about. Here's what happened and why it matters.

🦞 Four Chained Bugs in OpenClaw Could Hand Attackers Full Control

Researchers at Cyera have uncovered four serious security flaws in OpenClaw — an agentic AI assistant platform — that can be chained together to devastating effect. The vulnerabilities range from a file-write sandbox escape (a time-of-check-to-time-of-use, or TOCTOU, race) that lets attackers modify the host system, to environment variable leaks that expose secrets, to a loopback bug that grants owner-level privileges, to a read escape that exposes sensitive files.

What makes this especially dangerous is that an attacker only needs a foothold — like a malicious plugin or a crafted prompt — to kick off the chain. From there, they can steal data, escalate privileges, and establish long-term persistence on any exposed OpenClaw instance. If your organization runs OpenClaw, patch immediately and rotate any secrets that may have been exposed.

🔑 Stolen GitHub Token Leads to Grafana Codebase Theft — and an Extortion Demand

Grafana, the wildly popular open-source observability platform used by thousands of companies, confirmed that an attacker used a stolen authentication token to access its GitHub environment and download its codebase. The attacker then demanded payment to keep the stolen data private — a classic extortion play. Grafana refused to pay, invalidated the compromised credentials, and tightened its security controls.

Investigators have linked the attack to a group known as "CoinbaseCartel," which specializes in data theft and extortion campaigns across multiple industries. This is a reminder that a single stolen token — not a sophisticated exploit — can be all it takes for attackers to gain access to your most sensitive code. Audit your GitHub tokens, rotate credentials regularly, and make sure you'd know within minutes if a token was misused.
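One way to put that last recommendation into practice is a small detector run over your Git audit events: it flags a token used from a network it has never been seen on, and a token that clones many distinct repositories in a short window, which is the pattern a codebase download leaves behind. This is an added example, not code from Grafana, GitHub or GOCO Security; the event field names, the baseline table and the sample events are all constructed for illustration and loosely modelled on GitHub audit-log fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Per-token baseline of source networks we expect that token to be used from.
# Constructed for this example; in practice derive it from historical audit logs.
TOKEN_BASELINE = {
    "token-ci-01": {"10.0.0."},       # CI runners on the internal range
    "token-dev-07": {"203.0.113."},   # a developer's usual office egress (TEST-NET-3)
}

# Constructed audit events (not real data): timestamp, action, actor,
# source IP, repository and the credential that authenticated the request.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "action": "git.clone", "actor": "ci-bot", "ip": "10.0.0.5", "repo": "acme/web", "token": "token-ci-01"},
    {"ts": "2024-05-01T09:01:00", "action": "git.clone", "actor": "ci-bot", "ip": "10.0.0.5", "repo": "acme/web", "token": "token-ci-01"},
    {"ts": "2024-05-01T22:10:00", "action": "git.clone", "actor": "dev7", "ip": "198.51.100.9", "repo": "acme/web", "token": "token-dev-07"},
    {"ts": "2024-05-01T22:11:00", "action": "git.clone", "actor": "dev7", "ip": "198.51.100.9", "repo": "acme/api", "token": "token-dev-07"},
    {"ts": "2024-05-01T22:12:00", "action": "git.clone", "actor": "dev7", "ip": "198.51.100.9", "repo": "acme/infra", "token": "token-dev-07"},
    {"ts": "2024-05-01T22:13:00", "action": "git.clone", "actor": "dev7", "ip": "198.51.100.9", "repo": "acme/billing", "token": "token-dev-07"},
]

CLONE_ACTIONS = {"git.clone", "git.fetch", "repo.download_zip"}


def detect_token_misuse(events, baseline, window=timedelta(minutes=10), max_repos=3):
    """Return alerts as (token, rule, detail) tuples for two rules:
    new-source-ip: the token was used from outside its baseline networks;
    bulk-clone:    the token pulled more than max_repos distinct repos within window."""
    alerts, seen_ips, bulk_flagged = [], set(), set()
    clones = defaultdict(list)  # token -> [(timestamp, repo)]
    for e in sorted(events, key=lambda e: e["ts"]):
        tok, ip = e["token"], e["ip"]
        in_baseline = any(ip.startswith(prefix) for prefix in baseline.get(tok, ()))
        if not in_baseline and (tok, ip) not in seen_ips:
            seen_ips.add((tok, ip))
            alerts.append((tok, "new-source-ip", ip))
        if e["action"] in CLONE_ACTIONS:
            ts = datetime.fromisoformat(e["ts"])
            clones[tok].append((ts, e["repo"]))
            recent = {repo for t, repo in clones[tok] if ts - t <= window}
            if len(recent) > max_repos and tok not in bulk_flagged:
                bulk_flagged.add(tok)
                alerts.append((tok, "bulk-clone", sorted(recent)))
    return alerts


if __name__ == "__main__":
    for alert in detect_token_misuse(SAMPLE_EVENTS, TOKEN_BASELINE):
        print(alert)
```

Wire the alert list into whatever pages your on-call team, and the fitting response to either rule is the one Grafana took: revoke the token first, investigate second.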

Stay ahead of threats with GOCO Security at gocosecurity.com.
