According to @galnagli on Twitter, a credential harvester operating at tcoredirecting.com/tc2 has been active since November 2025, yet had no public reporting until now. The harvester specifically targets Twitter users by stealing their OAuth tokens before redirecting them to a legitimate Calendly link, disguising the malicious activity. This incident highlights significant security risks for platforms using OAuth and underscores the need for improved threat detection and user education in AI-driven authentication systems, as reported by @galnagli.

According to @galnagli on Twitter, @iangcarroll's @openclaw MacBook mini agent, hosted on a shared Discord channel, demonstrated advanced automation capabilities by conducting comprehensive security research within minutes. The agent dumped full HTML content, identified a malicious OAuth flow, discovered a credential harvester domain, pulled URLScan history, and traced domain registration. As reported by @galnagli, these features highlight the practical application of AI-powered agents in rapid threat analysis and cyber defense, presenting new business opportunities for organizations seeking automated security solutions.