Tag: marketplace
-
ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control.”Our vulnerability lives in the core system itself no plugins, no marketplace, no user-installed extensions just the bare OpenClaw gateway, running exactly as documented,” Oasis…
-
The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web
OpenClaw has sparked heavy Telegram and dark web chatter, but Flare’s data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills marketplace, yet limited signs of large-scale criminal operationalization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-openclaw-hype-analysis-of-chatter-from-open-source-deep-and-dark-web/
-
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from over 12 million CarGurus accounts. CarGurus is a U.S.-based digital automotive marketplace that helps users research, compare, and connect with sellers of new and used vehicles. Operating in the U.S.,…
-
ClawHavoc Infects OpenClaw’s ClawHub with 1,184 Malicious Skills, Exposing Data Theft Risks
A large-scale supply chain poisoning campaign dubbed ClawHavoc has hit OpenClaw’s official skill marketplace, ClawHub, with at least 1,184 malicious “Skills” historically published on the platform. The incident highlights how fast-growing AI agent ecosystems can become high-value malware distribution channels when plugins are easy to publish and users routinely grant agents broad system access. OpenClaw (previously known…
-
New Sophisticated ‘Carding-as-a-Service’ Marketplaces Fuel Surge in Credit Card Fraud
Credit card fraud has matured into a service-based criminal economy where stolen cards, malware, and support are bundled and sold like commercial products. Underground “dump shops” such as Findsome, UltimateShop, and Brian’s Club now operate as full-fledged carding-as-a-service (CaaS) marketplaces, mirroring legitimate e”‘commerce platforms in usability, scale, and customer focus. At the core of this ecosystem is…
-
Was CISOs über OpenClaw wissen sollten
Tags: ai, api, authentication, browser, bug, chrome, ciso, cloud, crypto, cyberattack, ddos, DSGVO, firewall, gartner, github, intelligence, Internet, jobs, linkedin, LLM, malware, marketplace, mfa, open-source, risk, security-incident, skills, software, threat, tool, update, vulnerabilityLesen Sie, welches Sicherheitsrisiko die Verwendung von OpenClaw in Unternehmen mit sich bringt.Das neue Tool zur Orchestrierung persönlicher KI-Agenten namens OpenClaw früher Clawdbot, dann Moltbot genannt erfreut sich aktuell großer Beliebtheit. Die Open-Source-Software kann eigenständig und geräteübergreifend arbeiten, mit Online-Diensten interagieren und Workflows auslösen kein Wunder, dass das Github-Repo in den vergangenen Wochen Millionen von…
-
New XWorm RAT Campaign Leverages Phishing and CVE-2018-0802 Excel Exploit to Bypass Detection
Tags: attack, control, cve, cyber, cybercrime, data, ddos, detection, exploit, marketplace, phishing, ransomware, rat, theft, windowsXWorm, a multi-functional .NET”‘based RAT first observed in 2022, remains actively traded across cybercrime marketplaces and continues to attract both low-skilled and advanced operators thanks to its rich feature set and plugin-based architecture. Once deployed, it enables full remote control of compromised Windows systems, including data theft, remote desktop control, DDoS attacks, and ransomware execution.…
-
‘Dead’ Outlook add-in hijacked to phish 4,000 Microsoft Office Store users
Tags: banking, breach, browser, chrome, control, credentials, credit-card, data, finance, google, infrastructure, malicious, marketplace, microsoft, office, password, phishingoutlook-one.vercel.app, hosted on the Vercel development platform, from which users download the software.”Microsoft reviews the manifest, signs it, and lists the add-in in their store. But the actual content the UI, the logic, everything the user interacts with is fetched live from the developer’s server every time the add-in opens,” said Koi Security’s researchers. By…
-
AMOS infostealer targets macOS through a popular AI app
AMOS infostealer is targeting macOS users by abusing popular AI apps and extension marketplaces to harvest credentials. Flare examines how AMOS operates, spreads through AI-driven lures, and feeds the broader stealer-log cybercrime economy. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amos-infostealer-targets-macos-through-a-popular-ai-app/
-
AMOS infostealer targets macOS through a popular AI app
AMOS infostealer is targeting macOS users by abusing popular AI apps and extension marketplaces to harvest credentials. Flare examines how AMOS operates, spreads through AI-driven lures, and feeds the broader stealer-log cybercrime economy. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/amos-infostealer-targets-macos-through-a-popular-ai-app/
-
News alert: GitGuardian raises $50M to tackle non-human identities crisis, AI agent security gap
NEW YORK, Feb. 11, 2026, CyberNewswire, GitGuardian, a leading secrets and Non-Human Identity (NHI) security platform and #1 app on GitHub Marketplace, today announced a $50 million Series C funding round led by global software investor Insight Partners”¦ (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/news-alert-gitguardian-raises-50m-to-tackle-non-human-identities-crisis-ai-agent-security-gap/
-
OpenClaw Adds VirusTotal Scanning to AI Agent Marketplace
OpenClaw added VirusTotal scanning to its ClawHub marketplace to curb the spread of malicious AI agent skills. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openclaw-adds-virustotal-scanning-to-ai-agent-marketplace/
-
âš¡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths.A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps,…
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
OpenClaw integrates VirusTotal malware scanning as security firms flag enterprise risks
Tags: access, ai, api, control, crowdstrike, crypto, cybersecurity, data, data-breach, email, exploit, gartner, github, governance, injection, macOS, malicious, malware, marketplace, network, risk, security-incident, skills, software, threat, tool, virus, vulnerabilityWhat prompted the response: The scanning initiative follows a series of security incidents documented by multiple firms over the past two weeks. Koi Security’s February 1 audit of all 2,857 ClawHub skills discovered 341 malicious ones in a campaign dubbed “ClawHavoc.”The professional-looking skills for cryptocurrency tools and YouTube utilities contained fake prerequisites that installed keyloggers…
-
OpenClaw Taps VirusTotal to Safeguard AI Agent Skill Ecosystem
As AI agents move from experimental chatbots to powerful tools capable of managing our finances and smart homes, security has become the top priority. Today, OpenClaw announced a major partnership with VirusTotal to bring advanced threat detection to ClawHub, its marketplace for AI skills. Why AI Agents Need Special Protection Traditional software is rigid; it…
-
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
OpenClaw (formerly Moltbot and Clawdbot) has announced that it’s partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem.”All skills published to ClawHub are now scanned using VirusTotal’s threat intelligence, including their new Code Insight capability,”…
-
OpenClaw reveals meaty personal information after simple cracks
Skills marketplace is full of stuff – like API keys and credit card numbers – that crims will find tasty First seen on theregister.com Jump to article: www.theregister.com/2026/02/05/openclaw_skills_marketplace_leaky_security/
-
30 Jahre Haft: Darknet-Marktplatz betrieben und Drogenhändler abgezockt
Incognito Market galt als einer der größten Darknet-Marktplätze, auf dem tonnenweise Drogen gehandelt wurden. Der Betreiber wurde jetzt verurteilt. First seen on golem.de Jump to article: www.golem.de/news/incognito-market-30-jahre-haft-fuer-betrieb-eines-riesigen-drogen-marktplatzes-2602-205027.html
-
30 Jahre Haft: Darknet-Marktplatz betrieben und Nutzer abgezockt
Incognito Market galt als einer der größten Darknet-Marktplätze, auf dem tonnenweise Drogen gehandelt wurden. Der Betreiber wurde jetzt verurteilt. First seen on golem.de Jump to article: www.golem.de/news/incognito-market-30-jahre-haft-fuer-betrieb-eines-riesigen-drogen-marktplatzes-2602-205027.html
-
Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring
A Taiwanese man was sentenced to 30 years for running Incognito Market, a major darknet drug site that sold over $105 million in illegal drugs. Rui-Siang Lin (24) was sentenced to 30 years in prison for running Incognito Market, a major darknet drug marketplace that sold over one ton of narcotics. The Taiwanese man pled…
-
Owner of Incognito dark web drugs market gets 30 years in prison
A Taiwanese man was sentenced to 30 years in prison for operating Incognito Market, one of the world’s largest online narcotics marketplaces that sold over $105 million worth of illegal drugs to customers worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/taiwanese-man-gets-30-years-for-operating-dark-web-drug-market/
-
Abuse of OpenClaw AI Capabilities Enables Stealthy Malware Campaigns
Tags: ai, attack, automation, backdoor, cyber, malicious, malware, marketplace, skills, supply-chain, threatHundreds of malicious skills are distributed through OpenClaw’s marketplace, transforming the popular AI agent ecosystem into a new supply chain attack vector. Threat actors are weaponizing the platform’s extensibility features to deliver droppers, backdoors, and infostealers disguised as legitimate automation tools.”‹ OpenClaw Skills Become Malware Distribution Channel OpenClaw is a self-hosted AI agent that executes…
-
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks.ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It’s an extension to the OpenClaw project, a…
-
Researchers Find 341 Malicious ClawHub Skills Stealing Data from OpenClaw Users
A security audit of 2,857 skills on ClawHub has found 341 malicious skills across multiple campaigns, according to new findings from Koi Security, exposing users to new supply chain risks.ClawHub is a marketplace designed to make it easy for OpenClaw users to find and install third-party skills. It’s an extension to the OpenClaw project, a…
-
BreachForums Breach Exposes Names of 324K Cybercriminals, Upends the Threat Intel Game
The BreachForums marketplace has suffered a leak, exposing the identities of nearly 324,000 cybercriminals. This incident highlights a critical shift in cyberattacks, creating opportunities for law enforcement while demonstrating the risks associated with breaches in the cybercriminal ecosystem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/breachforums-breach-exposes-names-of-324k-cybercriminals-upends-the-threat-intel-game/
-
Empire Market co-founder faces 10 years to life after guilty plea
Empire Market co-founder Raheim Hamilton pleaded guilty to U.S. drug conspiracy charges in Chicago, facing a mandatory 10 years to life in prison. Raheim Hamilton (30) of Virginia, co-creator of the dark web marketplace Empire Market, pleaded guilty in Chicago to a federal drug conspiracy charge. Empire Market allowed users to anonymously buy and sell…