OpenClaw, Notepad++, Hikvision, Apache Syncope, Foxit, TP-Link, Cisco, Google Chrome and Arista NG Firewall: ⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More


Cybersecurity Roundup: Trust Abuse, AI Risks, and Supply Chain Attacks Dominate Threat Landscape

This week’s cybersecurity developments highlight a growing trend: attackers are increasingly exploiting trusted systems (AI platforms, software updates, messaging apps, and open-source ecosystems) to bypass security controls. Below are the key incidents and trends shaping the threat landscape.

AI and Open-Source Ecosystems Under Siege

OpenClaw, an open-source AI agent framework, has partnered with Google’s VirusTotal to scan uploaded "skills" (AI extensions) for malware, following discoveries of malicious components in its ClawHub marketplace. Researchers warn that AI agents’ broad permissions, persistent memory, and user-controlled configurations create risks like prompt injection, data exfiltration, and supply chain attacks. Trend Micro reported threat actors on Exploit.in discussing OpenClaw for botnet operations, while Veracode noted a surge in typosquatted "claw" packages on npm and PyPI, from zero in early 2026 to over 1,000 by February.

Meanwhile, MoltBook, an AI-driven social platform built on OpenClaw, faces scrutiny after Simula Research Laboratory identified 506 prompt injection attacks, social engineering exploits, and unregulated cryptocurrency activity comprising 19.3% of its content. The platform’s autonomous AI agents, which interact without human oversight, raise concerns about data privacy and manipulation risks.

Security firm Pillar Security detected active scanning of exposed OpenClaw gateways (port 18789), with attackers bypassing AI layers to target the WebSocket API directly for authentication bypasses and command execution. Censys identified 21,639 exposed OpenClaw instances as of January 2026, underscoring the framework’s outdated trust model lacking encryption-at-rest and containerization.

Supply Chain Attacks: Trusted Updates as Malware Vectors

A sophisticated supply chain attack targeted Notepad++ between June and December 2025, in which threat actors redirected its WinGUp updater to malicious servers. Despite losing access to a compromised hosting provider in September, attackers reused stolen credentials to maintain control until December. The campaign, attributed to Lotus Blossom, exploited weak update verification in older Notepad++ versions, demonstrating how legitimate domains can become malware distribution hubs.

Similarly, Docker’s AI assistant (Ask Gordon) was found vulnerable to remote code execution (RCE) via DockerDash, a flaw in its Model Context Protocol (MCP) Gateway. Attackers could embed malicious instructions in Docker image metadata, which the AI assistant executed without validation. Docker patched the issue in version 4.50.0 (November 2025).

State-Sponsored Threats and High-Profile Targets

Germany’s BfV and BSI issued a joint advisory warning of state-sponsored phishing attacks via Signal, exploiting the app’s PIN and device-linking features to hijack accounts. Targets included high-ranking officials, military personnel, diplomats, and journalists across Germany and Europe.

In Ukraine, the government implemented a Starlink terminal verification system after confirming Russian forces were using the technology on attack drones. Only registered devices are now permitted to operate in the country.

DDoS, Botnets, and Emerging Attack Techniques

The AISURU/Kimwolf botnet set a record with a 31.4 Tbps DDoS attack in November 2025, lasting just 35 seconds. Cloudflare mitigated the attack, which was part of a broader campaign ("The Night Before Christmas") starting in December. Overall, DDoS attacks surged 121% in 2025, averaging 5,376 mitigated attacks per hour.

Researchers also uncovered 54 malicious npm packages using EtherHiding, a technique leveraging Ethereum smart contracts to fetch C2 servers, complicating takedown efforts. The malware targets Windows systems with 5+ CPUs, employing sandbox evasion, COM hijacking, and system profiling.

Linux Threats and Post-Exploitation Frameworks

Cyble discovered ShadowHS, a fileless Linux post-exploitation framework that runs entirely in memory, prioritizing stealth and long-term control. The framework includes modules for credential access, lateral movement, privilege escalation, and data exfiltration, with aggressive defensive tooling enumeration to avoid detection.

  • INC Ransomware suffered a setback after Cyber Centaurs breached its backup server, helping 12 victims recover data. The group, active since 2023, had listed over 100 victims on its leak site.
  • Rui-Siang Lin, administrator of the Incognito Market darknet drug marketplace, was sentenced to 30 years in prison for facilitating $105 million in narcotics sales to over 400,000 users.
  • Xinbi, a Telegram-based illicit marketplace, processed $17.9 billion in transactions, outlasting competitors like Haowang and Tudou Guarantee, which saw declines of 100% and 74%, respectively.

Critical Vulnerabilities and Exploits

Notable CVEs disclosed this week include:

  • CVE-2026-25049 (n8n)
  • CVE-2026-0709 (Hikvision Wireless Access Point)
  • CVE-2026-23795 (Apache Syncope)
  • CVE-2026-1591/1592 (Foxit PDF Editor Cloud)
  • CVE-2026-24512 (ingress-nginx)
  • Multiple CVEs in Django, Google Chrome, Cisco, TP-Link, F5 BIG-IP, and Arista NG Firewall

Additionally, XBOW uncovered two Insecure Direct Object Reference (IDOR) flaws in Spree (CVE-2026-22588/22589), allowing unauthorized access to user address data.

Microsoft’s AI Backdoor Scanner

Microsoft developed a scanner to detect hidden backdoors in open-weight AI models, addressing risks for enterprises relying on third-party large language models (LLMs). The tool identifies three key indicators:

  1. Attention shifts when a hidden trigger is present.
  2. Leakage of poisoned training data.
  3. Partial triggers still activating malicious responses.

The scanner extracts memorized content from models and ranks suspicious substrings as potential triggers.

Conclusion

This week’s incidents underscore a shift in attacker tactics: exploiting trust in ecosystems, AI workflows, and supply chains rather than relying on traditional malware. As threats evolve, organizations must monitor integrations, verify updates, and secure AI deployments to mitigate risks from both state-sponsored actors and cybercriminals.

Source: https://thehackernews.com/2026/02/weekly-recap-ai-skill-malware-31tbps.html

