Research reveals over 4,500 Clawdbot/Moltbot instances are publicly exposed, allowing attackers to extract sensitive data like API keys and WhatsApp session credentials. The vulnerabilities stem from insecure design, misconfigured dashboards, and excessive permissions. Immediate action is recommended for users to mitigate risks.

Researchers discovered 60 malicious packages on NPM designed to collect sensitive host and network information, sending it to a Discord webhook. These packages, which were uploaded under misleading names, posed a significant risk for targeted network attacks, and although reported, some remained available for download at the time of writing. Additionally, another campaign involved eight typosquatting packages capable of deleting files and corrupting data, which had been present on NPM for two years.