433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

23 ClawHub plugins squatting official scopes expose AI registry security gaps

Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to their owners for every package already published. In this Help Net Security video, Ax Sharma, Head of Research at Manifold Security, breaks down how 23 code-executing plugins ended up under ClawHub’s official @openclaw and @clawhub scopes while … The post 23 ClawHub plugins squatting official scopes expose AI registry security gaps appeared first on Help Net Security.
http://news.poseidon-us.com/TT8ZFJ

Who pays when you gate cyber-capable AI models?

In this interview with Help Net Security, Jaya Baloo, COO & CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the strongest argument for gating these tools, then explains where it breaks down for security teams who depend on the same capabilities for defense. Baloo argues that policymakers misread how attackers and defenders operate, that open-weight models cut both ways, and that limiting access can widen the gap … The post Who pays when you gate cyber-capable AI models? appeared first on Help Net Security.
http://news.poseidon-us.com/TT8TvX

Agent Beacon: Open-source telemetry layer for AI agents

AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, and cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-source project from Asymptote Labs, configures telemetry for those runtimes and writes a normalized record of what each agent does across local, CI, and cloud-agent surfaces. What Beacon collects: Beacon discovers supported local runtimes on a host and configures data collection for … The post Agent Beacon: Open-source telemetry layer for AI agents appeared first on Help Net Security.
http://news.poseidon-us.com/TT8Ttg

Encrypted DNS still tells an eavesdropper where to look

Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone watching a network link. The encryption covers the message inside each packet. The packet still carries plaintext headers, and those values mark a flow as DNS. A new study measures this gap for the Internet of Things and offers a way to close part of it. The team studied an eavesdropper on … The post Encrypted DNS still tells an eavesdropper where to look appeared first on Help Net Security.
http://news.poseidon-us.com/TT8S9q

Product showcase: Avira Security for iOS blends security, privacy, and device optimization

Avira Mobile Security for iOS combines security, privacy, and device optimization tools in a single application. The app is also available for Android, macOS, and Windows devices. After downloading the application from the App Store, users are guided through a short onboarding process. The application first presents information about data collection and privacy preferences, with options to accept the default settings or review them in more detail. It then requests permission to send notifications that … The post Product showcase: Avira Security for iOS blends security, privacy, and device optimization appeared first on Help Net Security.
http://news.poseidon-us.com/TT8S9T

Hundreds of AI-powered iOS apps found exposing credentials

Mobile app developers are packing AI features into everything from writing assistants to productivity tools and lifestyle apps. New research shows that securing access to those services remains a challenge. [Figure: LLM API credential leakage via network traffic interception (Source: Research paper)] Researchers from Wake Forest University analyzed 444 iOS applications with LLM features and found 282 that exposed exploitable credentials or backend access mechanisms. The affected apps covered 13 categories, including productivity, entertainment, lifestyle, education, … The post Hundreds of AI-powered iOS apps found exposing credentials appeared first on Help Net Security.
http://news.poseidon-us.com/TT8S7m