Originally reported by Security Affairs
TL;DR
New infostealer targets AI agent configs, Eurail data surfaces on dark web markets, Apple advances encrypted RCS messaging.
Covers OpenClaw AI agent configuration theft (new attack vector), Eurail data breach with dark web sales, and Apple encrypted RCS testing. Severity driven by active data breach and emerging infostealer capability.
Cybersecurity researchers at Hudson Rock have documented a significant evolution in information stealer tactics: the targeting of personal AI agent configurations. The researchers discovered an infostealer that successfully exfiltrated a victim's configuration environment for OpenClaw, previously known as Clawdbot and Moltbot.
This development represents a tactical shift for threat actors, expanding beyond traditional credential harvesting to target the emerging ecosystem of personal AI assistants and automation tools. As AI agents become more integrated into personal and professional workflows, their configuration data presents a new high-value target containing potentially sensitive operational parameters and access credentials.
The OpenClaw platform, designed for autonomous AI agent deployment, stores configuration data that could provide attackers with insight into victims' automated processes, connected services, and operational patterns. Hudson Rock's analysis suggests this represents the leading edge of a broader trend targeting AI-adjacent infrastructure.
Eurail B.V. has confirmed that traveler data stolen in an earlier security breach is now being actively marketed on dark web platforms. The company's disclosure represents an escalation from the initial breach notification, indicating that threat actors have moved from data exfiltration to monetization.
The availability of travel data on dark web markets presents multiple threat vectors. Such datasets typically contain personally identifiable information, travel patterns, and payment card details that can be leveraged for identity theft, targeted phishing campaigns, or physical security threats against high-value individuals.
Eurail's confirmation of dark web sales underscores the importance of rapid incident response and customer notification protocols. The company's disclosure suggests ongoing monitoring of criminal marketplaces to track the disposition of stolen data.
Apple has integrated end-to-end encrypted Rich Communications Services (RCS) messaging into the iOS and iPadOS 26.4 developer beta builds. The feature, currently in the testing phase, is planned for deployment across iOS, iPadOS, macOS, and watchOS platforms in future updates.
The implementation represents Apple's continued expansion of encrypted communication capabilities beyond its proprietary iMessage protocol. RCS encryption addresses the security gap in cross-platform messaging between iOS and Android devices, which previously relied on unencrypted SMS/MMS protocols.
Apple's documentation notes that end-to-end encryption functionality remains under development, with final implementation details subject to change before public release. The integration aligns with industry-wide trends toward standardized encrypted messaging protocols while maintaining Apple's emphasis on user privacy and security.