Eurail B.V., the operator that provides access to 250,000 kilometers of European railways, confirmed that data stolen in a breach earlier this year is being offered for sale on the dark web.

The company said that a threat actor also published a sample of the data on the Telegram messaging platform but it is still trying to determine the type of records and number of customers affected.

Eurail B.V. is a Netherlands-based firm that manages and sells passes (Eurail and Interrail) for train travel across Europe, offering flexibility for multi-country trips.

Its passes are also very popular among young European travelers participating in the EU’s DiscoverEU program.

Last month, the company disclosed that it suffered a data breach when threat actors gained unauthorized access to its customer database, compromising sensitive information, including full names, passport details, ID numbers, bank account IBANs, health information, and contact details (email addresses, phone numbers).

“We have become aware that the data has been offered for sale on the dark web and a sample data set has been published on Telegram.

“We are currently investigating which specific data records or how many of the affected customers this concerns,” reads Eurail’s update.

Eurail states that it continues the investigation to determine exactly what data was compromised for each affected customer, and will send individual notifications for those impacted.

Meanwhile, concerned data protection authorities have been notified in accordance with the GDPR requirements, and authorities outside the EU will be alerted soon.

Customers who may have had their information exposed in this incident should be vigilant to potential phishing and scam attempts.

Eurail suggests that customers update their Rail Planner app account passwords and reset them on any other platform where they use the same credentials.

Also, customers should monitor their bank account activity closely and report any suspicious transactions to their bank immediately.

A FAQ page has been published to support customers, and any concerns may also be addressed directly via email to privacyhelp@eurail.com.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide

Ravie LakshmananFeb 16, 2026Artificial Intelligence / Threat Intelligence

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim’s OpenClaw (formerly Clawdbot and Moltbot) configuration environment.

“This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the ‘souls’ and identities of personal AI [artificial intelligence] agents,” Hudson Rock said.

Alon Gal, CTO of Hudson Rock, told The Hacker News that the stealer was likely a variant of Vidar based on the infection details. Vidar is an off-the-shelf information stealer that’s known to be active since late 2018.

That said, the cybersecurity company said the data capture was not facilitated by a custom OpenClaw module within the stealer malware, but rather through a “broad file-grabbing routine” that’s designed to look for certain file extensions and specific directory names containing sensitive data.

This included the following files –

• openclaw.json, which contains details related to the OpenClaw gateway token, along with the victim’s redacted email address and workspace path.
• device.json, which contains cryptographic keys for secure pairing and signing operations within the OpenClaw ecosystem.
• soul.md, which contains details of the agent’s core operational principles, behavioral guidelines, and ethical boundaries.

“While the malware may have been looking for standard ‘secrets,’ it inadvertently struck gold by capturing the entire operational context of the user’s AI assistant,” Hudson Rock added. “As AI agents like OpenClaw become more integrated into professional workflows, infostealer developers will likely release dedicated modules specifically designed to decrypt and parse these files, much like they do for Chrome or Telegram today.”

The disclosure comes as security issues with OpenClaw prompted the maintainers of the open-source agentic platform to announce a partnership with VirusTotal to scan for malicious skills uploaded to ClawHub, establish a threat model, and add the ability to audit for potential misconfigurations.

Last week, the OpenSourceMalware team detailed an ongoing ClawHub malicious skills campaign that uses a new technique to bypass VirusTotal scanning by hosting the malware on lookalike OpenClaw websites and using the skills purely as decoys, instead of embedding the payload directly in their SKILL.md files.

“The shift from embedded payloads to external malware hosting shows threat actors adapting to detection capabilities,” security researcher Paul McCarty said. “As AI skill registries grow, they become increasingly attractive targets for supply chain attacks.”

Another security problem highlighted by OX Security concerns Moltbook, a Reddit-like internet forum designed exclusively for artificial intelligence agents, mainly those running on OpenClaw. The research found that an AI Agent account, once created on Moltbook, cannot be deleted. This means that users who wish to delete the accounts and remove the associated data have no recourse.

What’s more, an analysis published by SecurityScorecard’s STRIKE Threat Intelligence team has also found hundreds of thousands of exposed OpenClaw instances, likely exposing users to remote code execution (RCE) risks.

Fake OpenClaw Website Serving Malware

“RCE vulnerabilities allow an attacker to send a malicious request to a service and execute arbitrary code on the underlying system,” the cybersecurity company said. “When OpenClaw runs with permissions to email, APIs, cloud services, or internal resources, an RCE vulnerability can become a pivot point. A bad actor does not need to break into multiple systems. They need one exposed service that already has authority to act.”

OpenClaw has had a viral surge in interest since it first debuted in November 2025. As of writing, the open-source project has more than 200,000 stars on GitHub. On February 15, 2026, OpenAI CEO Sam Altman said OpenClaw’s founder, Peter Steinberger, would be joining the AI company, adding, “OpenClaw will live in a foundation as an open source project that OpenAI will continue to support.”

Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.

The team, comprised of researchers from ETH Zurich and Università della Svizzera italiana (USI), examined the “zero-knowledge encryption” promises made by Bitwarden, LastPass, and Dashlane, finding all three could expose passwords if attackers compromised servers.

The premise of zero-knowledge encryption is that user passwords are encrypted on their device, and the password manager’s server acts merely as a dumb storage box for the encrypted credentials. Therefore, in the event that the vendor’s servers are controlled by malicious parties, attackers wouldn’t be able to view users’ secrets.

As one of the most popular alternatives to Apple and Google’s own password managers, which together dominate the market, the researchers found Bitwarden was most susceptible to attacks, with 12 working against the open-source product. Seven distinct attacks worked against LastPass, and six succeeded in Dashlane.

The attacks don’t exploit weaknesses in the same way that remote attackers could exploit vulnerabilities and target specific users. Instead, the researchers worked to test each platform’s ability to keep secrets safe in the event they were compromised.

In most cases where attacks were successful, the researchers said they could retrieve encrypted passwords from the user, and in some cases, change the entries.

They used a malicious server model to test all of this – setting up servers that behaved like hacked versions of those used by the password managers. Seven of Bitwarden’s 12 successful attacks led to password disclosure, whereas only three of LastPass’s attacks led to the same end, and one for Dashlane.

All three vendors claim their products come with zero-knowledge encryption. The researchers noted that none of them outline the specific threat model their password manager secures against.

The researchers said: “The majority of our attacks require simple interactions which users or their clients perform routinely as part of their usage of the product, such as logging in to their account, opening the vault and viewing the items, or performing periodic synchronization of data. 

“We also present attacks that require more complex user actions, such as key rotations, joining an organization, sharing credentials, or even clicking on a misleading dialog. Although assessing the probability of these actions is challenging, we believe that, within a vast user base, many users will likely perform them.”

In the full paper [PDF], they went on to argue that password managers have escaped deep academic scrutiny until now, unlike end-to-end encrypted messaging apps. It is perhaps due to a perception that password managers are simple applications – deriving keys and then encrypting them. However, their codebases are more complex than that, often offering features such as the ability to share accounts with family members and featuring various ways to maintain backward-compatibility with older encryption standards.

Kenneth Paterson, professor of computer science at ETH Zurich, said “we were surprised by the severity of the security vulnerabilities” affecting the password managers.

“Since end-to-end encryption is still relatively new in commercial services, it seems that no one had ever examined it in detail before.” 

The team’s primary recommendation for vendors is to ensure that new users have access to the latest cryptographic standards by default.

One of the main reasons password manager providers haven’t upgraded their codebases is that they fear doing so would irrevocably lose existing users’ secrets. The researchers said that some vendors have gone to extreme lengths to support older formats, which in turn creates complexity in the code.

The best way forward? The researchers suggested ensuring all new users are onboarded with the latest cryptographic standards, while offering existing customers the choice between migrating to them or staying put, but with the knowledge of the vulnerabilities.

“We want our work to help bring about change in this industry,” said Paterson. He claimed: “The providers of password managers should not make false promises to their customers about security but instead communicate more clearly and precisely what security guarantees their solutions actually offer.”  

Vendor response

Dashlane published a comprehensive response, thanking the researchers, and said the infoseccers’ decision to test using a malicious server model represented “a useful exercise.”

The vendor also confirmed it had fixed the most serious issue – the attack researchers showed could lead to the disclosure of a password, and published a separate security advisory devoted to that.

“Dashlane has fixed an issue that, if Dashlane’s servers were fully compromised, could have allowed a downgrade of the encryption model used to generate encryption keys and protect user vaults,” it said. “This downgrade could result in the compromise of a weak or easily guessable Master Password, and the compromise of individual ‘downgraded’ vault items.

“This issue was the result of the allowed use of legacy cryptography. This legacy cryptography was supported by Dashlane in certain cases for backward compatibility and migration flexibility.

“Dashlane has removed support for this legacy cryptography, which means these downgrade attacks are no longer possible.”

Bitwarden, meanwhile, said in a post: “Bitwarden has never been breached and believes third-party security assessments like these are critical to continue providing state of the art security to individuals and organizations.”

It added: “Thank you ETH Zurich for your insights and commitment to stronger password security.”

A LastPass spokesperson told The Reg: “Our Security team is grateful for the opportunity to engage with ETH Zurich and benefit from their research. While our own assessment of these risks may not fully align with the severity ratings assigned by the ETH Zurich team, we take all reported security findings seriously. We have already implemented multiple near‑term hardening measures while also establishing plans to remediate or reinforce the relevant components of our service on a timeline commensurate with the assessed risk.”

The researchers said the vendors responded constructively to their outreach attempts and were working to mitigate the exploited weaknesses. 

The researchers said it is highly likely that the same weaknesses they highlighted in the study apply to other vendors across the industry, and couldn’t rule out the possibility the attacks are already known to the more advanced hackers, including those with government backing. ®