OpenClaw lures fuel ClickFix infostealer infections as agentic AI ecosystems become a new credential target
A rapid wave of lookalike sites, social ads and poisoned “skills” is exploiting OpenClaw’s popularity to push StealC v2, AMOS and other stealers through user-driven install flows.
OpenClaw | ClickFix…
Storm-2561 pushes fake VPN installers via SEO poisoning to steal enterprise credentials
A credential theft operation uses lookalike VPN download sites and GitHub-hosted ZIPs to drop signed malware that harvests VPN logins and configuration data.
Credential theft | SEO poisoning | Initial…
Hudson Rock ties Polyfill.io supply-chain compromise to DPRK operator via Lumma Stealer telemetry
Infostealer logs from 2024 allegedly expose Funnull backend access and a separate Gate.us compliance infiltration.
Polyfill.io, Funnull, Lumma Stealer, supply chain compromise, DPRK IT workers, cloud account takeover
Stryker ‘Handala’ incident: global Microsoft environment disruption and reported remote device wipes
Disruptive Iran-nexus hacktivist operation claims large-scale data destruction as Stryker restores services and CISA investigates.
Handala | Wiper activity | Microsoft Entra | Device management | Healthcare supply chain |…
Microsoft incident responders publish a playbook for detecting prompt abuse in enterprise AI tools
Indirect prompt injection via URL fragments can manipulate AI outputs while evading traditional server-side visibility.
Prompt injection, Indirect prompt injection, Shadow AI, HashJack, Microsoft Purview, Microsoft Sentinel
BadPaw and MeowMeow: steganographic .NET malware hits Ukrainian targets
A ClearSky report details a new loader and backdoor pair, and Scythe shows how to operationalise it as continuous adversary emulation.
APT28, Ukraine, phishing, steganography, .NET malware, adversary emulation, Windows…
UAT-9244 hits South American telcos with TernDoor, PeerTime and BruteEntry
Cisco Talos links the activity cluster to China-nexus tooling, including CrowDoor variants and ORB-style proxy infrastructure.
Telecommunications, China-nexus, cyberespionage, backdoors, ORBs, Linux implants, DLL side-loading
BadAudio and APT24: “good enough” OPSEC powering a multi-vector espionage chain
Reverse engineering shows pragmatic obfuscation, hardcoded crypto, and cloud-native infrastructure supporting scalable intrusion delivery.
APT24 · BADAUDIO · supply-chain compromise · watering holes · Cloudflare Workers · Taiwan
Iran crisis cyber risk rises as defacements and disruptive activity reported
Iran • hacktivists • IRGC • MOIS • DDoS • wipers • ransomware • critical infrastructure
Affected vendor / product: Cross-sector (internet-facing services, identity systems, OT/ICS edge devices). Primary issue: Heightened…
OpenClaw “ClawJacked” chain: malicious websites can hijack local AI agents via localhost WebSockets
Cross-origin browser-to-localhost access, missing loopback throttling, and implicit device trust combine into a silent takeover path from a single web visit.
OpenClaw | Localhost | WebSockets | AI agents |…
