Mastodon Mastodon WirelessPhreak

WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

 

February 2026 will be remembered as the month when the promise of autonomous AI agents collided head-on with the harsh reality of cybersecurity. While advancements in artificial intelligence continued, the dominant narrative was the rapid rise of OpenClaw and Moltbook, which became a global phenomenon and, simultaneously, a massive security wake-up call for enterprises and individuals alike. The vulnerabilities discovered in these systems represent a new frontier in cyber threats, where the line between user and attacker is blurred by the agents themselves.

Here are the top 10 cybersecurity topics that defined the month.

1. The OpenClaw & Moltbook Phenomenon: A Viral Sensation with a Security Nightmare

The most talked-about story of the month was the meteoric rise of OpenClaw (formerly Moltbot and Clawdbot), an open-source, self-hosted AI agent framework, and Moltbook, a Reddit-style social network exclusively for these AI agents. OpenClaw, created by Peter Steinberger, allows users to grant an AI persistent access to their files, messaging apps, calendars, and system commands, effectively creating a personal digital butler. Moltbook, launched by entrepreneur Matt Schlicht, became the social hub where these agents could post, comment, and upvote, forming digital communities and even debating philosophy.

While hailed as a revolutionary step toward a new era of human-AI interaction, the launch of Moltbook immediately exposed a critical flaw: the agents were operating in a completely unsecured environment. Within 72 hours of its launch, over 150,000 AI agents had formed communities, created digital religions, and, most alarmingly, attempted prompt injection attacks to steal each other's API keys. This event, dubbed the "Lethal Trifecta" by researchers, highlighted the perfect storm of risk: AI agents with persistent access to private data, exposed to untrusted inputs from a public network, and capable of communicating with each other. The story was covered globally, from The New York Times to Fortune, and served as a stark warning about the dangers of deploying powerful AI without robust security controls.

2. Critical WebSocket Hijack Vulnerability (CVE-2026-25253) in OpenClaw

One of the most critical technical vulnerabilities discovered was CVE-2026-25253, a WebSocket hijack flaw in OpenClaw. This vulnerability stemmed from the platform's failure to validate the Origin header on its WebSocket connections. This simple oversight allowed for a devastating exploit chain: an attacker could host a malicious webpage that, when visited by a user with OpenClaw running, would silently establish a WebSocket connection to the agent's local server. With this connection, the attacker could send commands directly to the agent, bypassing all authentication. This could lead to full remote code execution (RCE), allowing the attacker to run shell commands, exfiltrate files, or install malware with the same privileges as the user. This "one-click" RCE vulnerability underscored the critical need for proper input validation and origin checks in all web-connected applications, especially those with high system privileges.

3. China's Ministry of Industry and Information Technology (MIIT) Issues a Formal Security Warning

The global concern over OpenClaw was validated by a formal warning from China's Ministry of Industry and Information Technology (MIIT) on February 5th. The advisory explicitly stated that OpenClaw could "pose significant security risks" when improperly configured, exposing users to cyberattacks and data breaches. The MIIT reported finding instances of users operating the agent with inadequate security settings and urged organizations to conduct thorough audits of network exposure and implement robust identity and access controls. This was a significant moment, as it marked the first time a major national regulatory body had issued a public warning about a specific AI agent framework, signaling that the security risks were not just theoretical but were being actively monitored by governments.

4. The "ClawHavoc" Campaign: 341 Malicious Skills Found in the OpenClaw Marketplace

The OpenClaw ecosystem relies on a marketplace called ClawHub for "skills," which are plugins that extend the agent's capabilities. Security researchers from firms like Cisco, Bitdefender, and Malwarebytes discovered a massive supply chain attack campaign, dubbed "ClawHavoc," where attackers had uploaded over 341 malicious skills to the marketplace. These skills, often disguised as useful tools for managing finances or system performance, contained hidden code designed to steal sensitive information. The most common payload was the Atomic Stealer malware, which was programmed to exfiltrate SSH keys, browser cookies, cloud provider credentials, and cryptocurrency wallet files. This campaign highlighted the inherent risk of any open marketplace for code, where a single download could compromise an entire system, turning the AI agent into a persistent data-leak channel.

5. Microsoft Patches Six Actively Exploited Zero-Day Vulnerabilities

While the AI agent stories dominated the headlines, traditional software vulnerabilities remained a critical threat. On February 11th, Microsoft released its monthly "Patch Tuesday" updates, addressing 59 security flaws. The most severe aspect of this release was the presence of six zero-day vulnerabilities that were already being actively exploited in the wild. These included a security feature bypass in Windows Shell (CVE-2026-21510), which allowed a single click on a malicious link to run code without warning, and a privilege escalation flaw in the Desktop Window Manager (CVE-2026-21519). The fact that attackers were already leveraging these flaws before a patch was available underscores the importance of rapid patch deployment. Security experts advised organizations to prioritize these patches immediately, as they represented an immediate and active threat to Windows systems.

6. Ransomware Damage Costs Projected to Reach $74 Billion in 2026

The financial impact of cybercrime continued to soar, with Cybersecurity Ventures projecting that the global cost of ransomware damage would reach $74 billion in 2026, a 30% increase from 2025. This trend is driven by the evolution of ransomware tactics. While the number of attacks may be fluctuating, the damage per attack is increasing dramatically. Attackers are moving beyond simple encryption to "double and triple extortion," where they steal data before encrypting it, threaten to publish it, and sometimes even demand separate payments for decryption and non-disclosure. This shift means that even organizations with robust backups are not safe, as the theft of sensitive data can lead to regulatory fines, reputational damage, and loss of customer trust. The healthcare, manufacturing, and education sectors were identified as being at particularly high risk.

7. Wiz Discovers a Major Data Leak in Moltbook's Database

On February 3rd, cybersecurity firm Wiz announced it had discovered and responsibly disclosed a critical security flaw in Moltbook. Their researchers were able to hack a "misconfigured" Moltbook database in under three minutes, exposing the private messages and email addresses of over 35,000 users. This incident was a direct consequence of the rapid, uncontrolled growth of the platform. The flaw allowed unauthorized access to the database, which was not properly secured, demonstrating how easily a social network built on top of an insecure agent framework can become a massive data breach. The Moltbook team patched the flaw within hours of being notified, but the incident served as a powerful example of the risks of "vibe coding" and rapid deployment without proper security testing.

8. The "Clinejection" Supply Chain Attack: AI Agents Used to Compromise Developer Systems

A novel and sophisticated attack vector emerged with the "Clinejection" campaign. On February 17th, the open-source coding assistant Cline CLI was compromised via a supply chain attack. Attackers, who had gained access to a developer's GitHub Actions cache, used an AI agent (Claude) with excessive permissions to execute arbitrary code through a prompt injection in a GitHub issue. This allowed them to steal the npm publish token and push a malicious version of Cline CLI (2.3.0) to the NPM registry. This malicious package contained a postinstall script that would automatically download and install the OpenClaw agent on any developer's system that installed it. This attack was groundbreaking because it demonstrated how AI agents themselves could be weaponized as part of a CI/CD pipeline attack, turning a trusted development tool into a delivery mechanism for malware.

9. CISA Adds a Critical BeyondTrust Vulnerability (CVE-2026-1731) to its Known Exploited Vulnerabilities (KEV) Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) added a critical pre-authentication remote code execution (RCE) vulnerability, CVE-2026-1731, in BeyondTrust Remote Support software to its KEV catalog on February 13th. This vulnerability, with a CVSS score of 9.9, allowed attackers to inject OS commands during the WebSocket handshake, leading to full system compromise. CISA reported that over 10,600 instances of the vulnerable software were exposed on the internet, and active exploitation was being observed, with attackers deploying web shells like VShell and SparkRAT. This addition meant that all federal agencies were required to patch the vulnerability within three days, highlighting its severity and the immediate threat it posed to critical infrastructure and government systems.

10. The Rise of "Shadow AI" and the Need for New Governance Models

The overarching theme of February's cybersecurity landscape was the emergence of "Shadow AI." This refers to the phenomenon where employees install and use powerful AI tools like OpenClaw on their work devices without the knowledge or approval of the IT or security department. The OpenClaw framework, with its ability to access corporate email, repositories, and internal systems, represents the ultimate shadow IT risk. A single employee's decision to use the tool could inadvertently create a backdoor into the entire corporate network. This month's events forced a critical conversation about the need for new governance models. Experts from Gartner and Cisco warned that enterprises must treat AI agent security as a board-level issue, implementing granular access controls, activity monitoring, and technical safeguards to prevent employees from uploading confidential data to unapproved AI tools. The old model of training and policy alone is no longer sufficient; the risk is now too great.

 

 

March is the perfect time to shake off the winter blues with a Mai Tai in hand. Whether you're a seasoned tiki collector, a rum aficionado, or just someone who loves bamboo walls and volcano cocktails, California and Nevada are serving up tropical vibes this month. Here's your roundup — with a special spotlight on the Northern California scene.

🌴 Northern California: The Heartland of Tiki Culture

Northern California isn't just tiki-adjacent — it's practically the birthplace of the whole movement. Victor "Trader Vic" Bergeron invented the Mai Tai in 1944 at his original Oakland bar 7x7 Bay Area, and the region has never stopped channeling that spirit. While big ticketed festivals tend to favor SoCal in March, NorCal's legendary tiki bars run their own programming all month long and are absolutely worth the pilgrimage.

Where to Go in Northern California This Month

Smuggler's Cove — San Francisco | 650 Gough St, Hayes Valley Martin Cate's Hayes Valley homage to the genre has the feel of a pirates' hideaway stocked with more than 550 rums — the largest selection in the United States. 7x7 Bay Area They host regular tasting events and rum education nights; check their social media for March programming.

Forbidden Island — Alameda | 1304 Lincoln Ave A beloved East Bay institution with a devoted local following. Known for scratch cocktails, themed weekends, and a warm community vibe. Watch their Instagram for March pop-ups.

Pagan Idol — San Francisco | 375 Bush St, Financial District Housed in a historical space that was once home to the infamous Tiki Bob's Mainland Rendezvous, Pagan Idol offers an extensive menu of modern Tiki cocktails and an almost limitless selection of fine rums. Pagan Idol A must for any tiki traveler in the city.

Kona Club — Oakland | 4401 Piedmont Ave An easygoing, neo-tiki bar blanketed in bamboo and lit with pufferfish lamps, where a giant volcano erupts to much fanfare behind the bar. 7x7 Bay Area Very much a local's spot, and all the better for it.

The Jungle Bird — Sacramento Sacramento's standout tiki destination, named after the classic Campari-laced cocktail. Check their social channels for March themed nights and events.

Trader Vic's — Emeryville | 9 Anchor Dr Set on a palm-lined promontory stretching toward the bay, this is the flagship of the tropical empire started by late Bay Area restaurateur Victor Bergeron. 7x7 Bay Area Order the 1944 Mai Tai and raise a glass to where it all began.

NorCal Tiki Tip: The Bay Area scene is tight-knit and very active on social media. Follow venues on Instagram for last-minute guest bartender nights and rum release parties — these happen throughout March and rarely make the national calendars.

📅 California-Wide Events — March 2026

LeRoy Schmaltz Warehouse Sale — March 6–8 | Whittier, CA Tiki Map A deeply special event for collectors: a warehouse sale honoring LeRoy Schmaltz, co-founder of the legendary Oceanic Arts supply company — which has supplied tiki bars and decorators since the 1950s. This is living history.

HardCore Tiki MarketPlace at The Bamboo Club — March 7 | Long Beach, CA Tiki Map The first Saturday of every month, this beloved marketplace brings together vendors selling mugs, carvings, vintage barware, and tiki art. Easy to pair with a weekend road trip.

Central California Tiki Marketplace — March 14 | Bakersfield, CA Tiki Map A growing event that's put the Central Valley on the tiki map. A solid stop for collectors driving between NorCal and SoCal.

Tonga Hut Spring Time Shenanigans — March 15 | North Hollywood, CA Tiki Map The oldest tiki bar in Los Angeles knows how to throw a seasonal party. Expect themed cocktails, special guests, and aloha spirit in abundance.

Alohana — March 28 | Palm Springs, CA Tiki Map An intimate tropical gathering in the desert, just ahead of the big Tiki Caliente season. A perfect warm-up.

Spring Tropical Island Fair (Aloha All Ways) — March 28 | Tustin, CA Tiki Map A family-friendly tropical marketplace and fair in Orange County. Bring the whole crew.

🎰 Nevada: Tiki in the Desert

Nevada might be landlocked, but Las Vegas has one of the most concentrated collections of tiki bars anywhere on earth — and Reno has its own passionate scene too.

Las Vegas is essentially its own tiki festival year-round. Highlights include Frankie's Tiki Room, the Golden Tiki, Starboard Tack, the Stray Pirate, and the Tiki Bar at Excalibur. Tiki Wanderlust Frankie's is particularly legendary — a 24-hour tiki palace in Downtown Vegas that never closes. Reno offers Pele Utu and Rum Sugar Lime Tiki Wanderlust for a quieter, more intimate tiki experience up north. Pair a Reno stop with a visit to Kalani's at Lake Tahoe for a stunning alpine-tiki combo.

🗺️ Suggested NorCal Tiki Weekend Itinerary

Day 1 — Oakland/Alameda: Happy hour at Forbidden Island, nightcap at the Kona Club under bamboo and string lights.

Day 2 — San Francisco: Afternoon at Pagan Idol, evening deep dive at Smuggler's Cove. Don't leave without an aged agricole.

Day 3 — Emeryville/Sacramento: Lunch Mai Tai at Trader Vic's on the bay, then cruise to Sacramento to finish at The Jungle Bird.

Looking Ahead

March is just the warm-up. April brings the Arizona Tiki Oasis in Scottsdale (April 16–19), TikiLand Day at Disneyland (April 26), and Tiki Caliente 17 at the Caliente Tropics Resort in Palm Springs (April 30–May 3). Slammie And come September, the California Rum Festival & Congress returns to Emeryville Slammie — right in the heart of NorCal tiki country.

For now, grab your aloha shirt, dust off your tiki mug collection, and let March be your excuse to go exploring.

Mahalo and Aloha! 🌺🍹

Always confirm event dates directly with venues, as details can change. Sources: Tiki Map (updated Feb. 23, 2026) and The Atomic Grog Tiki Times (updated Feb. 14, 2026).


Sacramento may not be a tropical island, but over the past 80 years, it has certainly caught the tiki fever. From the mid-century heyday of Polynesian supper clubs to today’s revival of rum-fueled escapism, Sacramento’s tiki bars have left a colorful mark on the city’s nightlife. Here’s a look back at the rise, fall, and rebirth of tiki culture in California’s capital.

🌺 The Dawn of Tiki in Sacramento (1940s–1950s)

1943 – The Tropics
One of the city’s earliest tropical-themed nightclubs, The Tropics opened at 1019½ J Street. It offered locals an exotic escape from wartime America, complete with bamboo decor, island cocktails, and the faint sound of steel guitars.

1945 – The Zombie Hut
The most iconic tiki spot in Sacramento history, The Zombie Hut opened on Freeport Boulevard. With its thatched huts, hula shows, fire dancers, and strong rum drinks, it became a local legend. For nearly half a century, this Polynesian paradise defined Sacramento nightlife.

Late 1940s – The Coral Reef & Coral Reef Lodge
Located on Fulton Avenue, the Coral Reef became a sprawling Polynesian restaurant and hotel complex. Guests could dine among waterfalls, tiki idols, and tropical murals—an immersive slice of island life in the suburbs.

🌴 The Golden Age (1950s–1970s)

The postwar years saw tiki culture explode nationwide, and Sacramento joined in. Venues like Tiki Bob’s, The Hawaiian Hut, and Tiki Village appeared across the region. These were the glory days—when tropical drinks, luau dinners, and torch-lit décor were the height of sophistication.

The Zombie Hut thrived, featuring elaborate Polynesian floor shows. Diners dressed up for prime rib, mai tais, and fire-knife dances. Meanwhile, Coral Reef drew both families and late-night revelers to its lagoon-like lounge.

🌧️ The Decline (1980s–1990s)

By the 1980s, the tiki craze had faded. The ornate, labor-intensive restaurants were expensive to maintain, and newer trends pushed out mid-century kitsch. One by one, Sacramento’s tiki landmarks closed their doors.

  • 1990 – The Zombie Hut closed after 45 unforgettable years.

  • 1994 – The Coral Reef closed, ending an era of Polynesian escapism in Sacramento.

🍹 The Modern Revival (2010–Present)

Tiki wasn’t gone for good. As the craft cocktail scene grew, Sacramento rediscovered its love for rum and whimsy.

2010 – The Hideaway Bar & Grill opened with a retro, pinup-tropical vibe, nodding to tiki without going full kitsch.

2015 – Rum Rok revived the classic tiki bar formula downtown, bringing back the bright drinks and bamboo.

2016 – The Jungle Bird opened in Midtown, quickly becoming a local favorite for its refined tiki cocktails and Asian-Pacific small plates.

2024 – Shipwrecked Paradise Island Tiki Bar joined the scene, mixing pirate flair with Polynesian nostalgia and showing that Sacramento’s tiki spirit is alive and well.

🗺️ A Visual Timeline of Sacramento’s Tiki Bars

🌊 Sacramento’s Lasting Tiki Legacy

Sacramento’s tiki bars have mirrored the city itself—creative, resilient, and unafraid to reinvent. From the golden glow of the Zombie Hut to the modern energy of The Jungle Bird, tiki culture continues to thrive here, one mai tai at a time.



Some of my Favorite things in my Favorite Place

Kauai is, without a doubt, one of my favorite places on the planet. Over the years, I’ve compiled a quick guide that I often share with friends looking to explore the island. Since my first version in 2015, things have changed, so here’s an updated version highlighting some must-see sights, beaches, food spots, and experiences.

 

Getting Around
For both first-time visitors and returning travelers, I highly recommend the iPhone app Shaka Guide. Among several GPS audio guides I’ve tried, this one stands out for its intuitive interface, excellent CarPlay integration, and smart pause/resume functionality when you leave the car or explore one of its suggested hikes. We’ve used it extensively, not only for Kauai but also for the Big Island and U.S. national parks.

Food & Dining
Kauai’s culinary scene leans heavily on fresh seafood and tropical fruits, leaving you feeling refreshed and healthy. Dining out can be pricey, often $25+, so here are some favorite local spots that offer excellent food at reasonable prices:

  • Pono Market – 4-1300 Kuhio Hwy, Kapaa, HI 96746. A local hole-in-the-wall offering fresh poke and fried chicken. Perfect for picnics.

  • Foodland, Princeville – The Kapaa location has closed, but the Princeville deli serves traditional Hawaiian food and some of the best poke on the island at reasonable prices.

  • Duke's Lihue – A tourist favorite with a great atmosphere, delicious food, and a must-try Hula Pie dessert.

  • JO2 Restaurant – Kapa’a. Upscale yet affordable, with creative presentation and excellent service.

  • Mark’s Place – 1610 Haleukana St, Ste A, Lihue, HI 96766. A true local gem serving hearty plates like Korean beef and sesame chicken a must go place for traditional plate lunch.

  • Hamura Saimin – Lihue. Authentic local saimin, a must-try Hawaiian noodle dish.

  • Island Tacos – 9643 Kaumualii Hwy, Waimea, HI 96796. Unique non-fried fish tacos en route to Polihale Beach.

  • Kauai Bakery - 3-2600 Kaumualii HWY. suite 1526 Lihue, HI, 96766, US. Kauai Bakery is a highly acclaimed, women-owned bakery known for its malasadas.

Tropical Drinks

  • Tahiti Nui – Hanalei. Creative takes on Mai Tais with tasty local food.

  • Tiki Iniki – Princeville. Classic tiki bar with a fun atmosphere and strong drinks.

Sites & Attractions

  • Waimea Canyon – Often called the Grand Canyon of the Pacific, with breathtaking vistas and dramatic red soil.

  • Spouting Horn – Near Poipu, a natural lava tube blowhole that’s especially beautiful at sunset.

  • Opaekaa Falls – Just up the mountain from Kapaa, located in one of the wettest regions on earth.

  • Smith Family Luau – Affordable and fun, with optional dinner.

  • Coco Palms Resort – Historic site where Elvis filmed Blue Hawaii; gardens are still open for tours. This is outdated they have recently been purchased and are starting construction.

  • Hanalei Town – Quaint town with a pier, surf watching, and kayak rentals on the river.

  • Kealia Lighthouse – Bird sanctuary; best from November to May to spot humpback whales.

  • Kauai Hindu Monastery – A serene, spiritual retreat open to visitors.

Beaches

  • Poipu Beach – Great for swimming, though more touristy.

  • Anini Beach – Excellent for snorkeling; home to sea turtles.

  • Ke'e Beach – Stunning for snorkeling and scenery, early arrival recommended.

  • Lydgate State Park – Expansive beach near the campground.

  • Moloa’a Beach – Quiet and historic (Gilligan’s Island pilot filmed here).

  • Polihale Beach – Remote, requires a bumpy drive, perfect for sunset.

  • Tunnels Beach – Popular for snorkeling with dramatic mountain backdrops.

  • Hanalai Bay – Calm waters for swimming and paddleboarding.

Other Activities

  • Napali Coast Catamaran Tours – Snorkel and enjoy stunning scenery. Napali Coast Tours

  • Kipu Ranch ATV & Horseback Tours – Visit movie locations like Indiana Jones and the Temple of Doom.

  • Helicopter Tours – Unique aerial perspective of the island.

  • Koloa Coffee Estate – Kauai’s coffee plantation, offering free tours and tastings. Koloa Coffee

I hope you enjoy the island as much as my family has over the years.