Malicious packages flood OpenClaw registry in malware campaign

Masquerading as legitimate cryptocurrency trading automation tools, the packages, known as u201cskills,u201d deliver data-stealing malware.

Latest Security News

View Archive →

Security News

According to CERT-UA, the flaw was weaponized within a day of Microsoftu2019s disclosure.

February 3, 2026 2 min read

Security News

The malicious updates embedded the GlassWorm malware loader and were pushed to users through normal update mechanisms.

February 2, 2026 2 min read

Security News

The attack involved an infrastructure-level breach at Notepad++u2019s hosting provider, not vulnerabilities in the applicationu2019s source code.

February 2, 2026 3 min read

Security News

Mandiant is tracking the activity across multiple threat clusters, including UNC6661, UNC6671, and UNC6240.

🕒 February 2, 2026 • 2 min read

Security News

Flare says it found more than 208,500 publicly exposed MongoDB servers, including 3,100 that required no authentication.

🕒 February 2, 2026 • 2 min read

Security News

In brief: Ivanti, Microsoft and Fortinet fix zero-days, eScan hit with a supply chain attack, and more.

🕒 January 30, 2026 • 21 min read