More Malicious OpenClaw Skills Threaten AI Supply Chain
OpenClaw removed five packages from its ClawHub skills marketplace that bypassed security checks even though they included infostealers and other threats.
Marketplace security concerns include fraud, account abuse, data exposure, and attacks that compromise online transactions and user accounts.
Search across headline titles and summaries.
Background for this topic.
A marketplace is an online platform that connects buyers and sellers. In security coverage, the term commonly describes legitimate stores for security software, managed services, cloud integrations, and threat-intelligence products, but it can also mean underground markets offering stolen credentials, malware, exploits, or access to compromised systems.
For defenders, legitimate marketplaces introduce supply-chain and third-party risks: a tool may be tampered with, collect more data than expected, or receive excessive access to systems. Evaluate publisher identity, package provenance and signatures, permissions, update practices, data handling, and contractual controls before deployment. Underground-market listings can provide leads about exposed accounts or vulnerabilities, but claims may be fraudulent, and acquiring or handling stolen data can create legal, privacy, and evidentiary problems. Security teams should validate such intelligence through authorized sources and use confirmed exposure to guide credential resets, access revocation, vulnerability remediation, and monitoring.
Weekly headline count for the current query.
OpenClaw removed five packages from its ClawHub skills marketplace that bypassed security checks even though they included infostealers and other threats.
lso Tuesday, the Treasury Department took action against the same Cambodian company, Huione Group, and affiliates. The post Justice Department seizes infrastructure used by cyber scam and criminal marketplace appeared first on CyberScoop.
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts
Cybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace
At least 15 malicious plugins found on the JetBrains Marketplace were designed to steal AI API keys from developers. [...]
French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. [...]
Michele Spagnuolo allegedly placed multiple trades on the prediction marketplace, abusing internal access to Google’s nonpublic data on the most searched people in 2025. The post Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket appeared first on CyberScoop.
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace
Spanish police have arrested the suspected administrator of German dark web marketplace Crimenetwork
German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, and arrested its operator. [...]
World's largest biomedical dataset lifted and shifted on Chinese mega marketplace Updated Details of volunteers of UK-based Biobank, which describes itself as the custodian of the world's most comprehensive biomedical dataset, are for sale on Chinese ecommerce site Alibaba.…
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. [...]
The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control
Crooks claim they helped themselves to over 37M accounts during January hit on subcontractor French online marketplace ManoMano is warning customers their personal data was siphoned off after a cyberattack hit one of its customer support subcontractors – and criminals are already claiming the haul is far larger than the company's carefully worded notice suggests.…