More Malicious OpenClaw Skills Threaten AI Supply Chain
OpenClaw removed five packages from its ClawHub skills marketplace that bypassed security checks even though they included infostealers and other threats.
Marketplace security concerns include fraud, account abuse, data exposure, and attacks that compromise online transactions and user accounts.
Search across headline titles and summaries.
Background for this topic.
A marketplace is an online platform that connects buyers and sellers. In security coverage, the term commonly describes legitimate stores for security software, managed services, cloud integrations, and threat-intelligence products, but it can also mean underground markets offering stolen credentials, malware, exploits, or access to compromised systems.
For defenders, legitimate marketplaces introduce supply-chain and third-party risks: a tool may be tampered with, collect more data than expected, or receive excessive access to systems. Evaluate publisher identity, package provenance and signatures, permissions, update practices, data handling, and contractual controls before deployment. Underground-market listings can provide leads about exposed accounts or vulnerabilities, but claims may be fraudulent, and acquiring or handling stolen data can create legal, privacy, and evidentiary problems. Security teams should validate such intelligence through authorized sources and use confirmed exposure to guide credential resets, access revocation, vulnerability remediation, and monitoring.
Weekly headline count for the current query.
OpenClaw removed five packages from its ClawHub skills marketplace that bypassed security checks even though they included infostealers and other threats.
GlassWorm, a self-propagating VS Code malware first found in the Open VSX marketplace, continues to infect developer devices around the world.
Researchers discovered more than 550 unique secrets exposed in Visual Studio Code marketplaces, prompting Microsoft to bolster security measures.
Your ultimate goal shouldn't be security perfection — it should be making exploitation of your organization unprofitable.
Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site.
An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.
With a two-pronged approach, the group trains its hackers in penetration testing, only to set them free to build a marketplace for pen-testing services.
Regulators should apply a healthy skepticism to generative AI developments to guarantee a competitive marketplace.
The marketplace for malicious Google Play applications and app-takeover tools is thriving, thanks to novel hacking techniques and lax enterprise security.
An emerging, illicit marketplace proves that financial cybercrime is still on the rise, with a need for countries to collectively put safeguards in place.
The homepage of a widely used Dark Web forum for stolen cookies and other compromised data has been replaced by a seizure notice by the US federal law enforcement agency.
IoT risk and security must get more attention from vendors and support from the marketplace.
A security vendor's investigation of infrastructure associated with a new, crypto-focused Magecart skimmer leads to discovery of cryptoscam sites, malware distribution marketplace, Bitcoin mixers, and more.
Attackers also could breach internal production data to compromise a corporate network using vulnerabilities found in the BrickLink online platform.
Enterprises seeking asset visibility and security enabled to simplify the procurement process of Armis.
Venafi investigation of 35 million Dark Web URLs shows macro-enabled ransomware widely available at bargain prices.
OpenSea warns users that they are likely to be targeted in phishing attacks after a vendor employee accessed and downloaded its email list.
The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.