Find notable cyber news and cases, enriched with sources, timelines, and signals.

ClawHavoc malicious skills campaign targeting OpenClaw users via ClawHub

Campaign
First reported
Last updated
Happening score
H score 37
3 unique sources, 3 articles

Summary

Hide ▲

The ClawHavoc campaign continues to abuse ClawHub and the OpenClaw ecosystem to distribute infostealer malware through malicious skills. New reporting says the operation now includes 386 malicious skills that pose as cryptocurrency trading automation tools and borrow brand names such as ByBit, Polymarket, Axiom, Reddit and LinkedIn to encourage installs. The skills target macOS and Windows users and rely on social engineering to get victims to run commands that steal exchange API keys, wallet private keys, SSH credentials and browser passwords. The activity uses shared C2 infrastructure 91.92.242.30, and the most popular malicious publisher, hightower6eu, accounted for almost 7000 downloads.

Related Happenings

JetBrains Marketplace malicious plugins exfiltrating AI provider keys

Malware Activity
H score12 First: 17.06.2026 12:38 Last: 17.06.2026 12:38 Sources 1

About this happening: A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...

TikTok and Instagram Reels Vidar social-engineering campaign

Campaign
H score37 First: 10.06.2026 19:00 Last: 10.06.2026 19:00 Sources 1

About this happening: A **TikTok** and **Instagram Reels** campaign is using fake free-software tutorials to push **Vidar**, turning social feeds into a high-reach malware delivery channel. The operati...

OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)

Vulnerability
H score31 First: 15.05.2026 16:35 Last: 15.05.2026 16:35 Sources 1

About this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...

Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery

Security Tool/Service
H score58 First: 08.04.2026 12:16 Last: 08.04.2026 12:16 Sources 1

About this happening: **Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...

Latest development: 03.06.2026 14:00

President Donald Trump signed a June 2 executive order that sets up a voluntary framework for developers of covered frontier models to give the US government access for cybersecurity review for up to 30 days before release, while expressly rejecting any mandatory licensing or preclearance requirement. The order directs NSA, CISA, and NIST to build a classified benchmark for determining which models cross the covered threshold and creates an AI cybersecurity clearinghouse led by the Treasury Department. The framework closely echoes Anthropic's Project Glasswing, which gives vetted partners early access to Claude Mythos Preview to scan critical software for vulnerabilities.

CL-UNK-1068 Asia critical-infrastructure cyberespionage campaign

Campaign
H score32 First: 09.03.2026 14:05 Last: 09.03.2026 14:05 Sources 1

About this happening: The **CL-UNK-1068** espionage campaign is active across **Asia**, putting **aviation, energy, government, law enforcement, pharmaceuticals, technology, and telecommunications** or...

Timeline

  1. 02.02.2026 19:49 4 articles · 5mo ago

    Koi Security discloses ClawHavoc malicious ClawHub skills

    Initial Disclosure

    Koi Security disclosed that a security audit of 2,857 ClawHub skills found 341 malicious skills across multiple campaigns targeting OpenClaw users, including a ClawHavoc set of 335 skills that used fake prerequisites to push Atomic Stealer (AMOS) on Windows and macOS. The malicious listings used typosquatted ClawHub-style names, staged downloads such as openclaw-agent.zip and glot[.]io scripts, and shared 91.92.242[.]30 infrastructure; some skills also hid reverse shells or exfiltrated credentials from ~/.clawdbot/.env to webhook[.]site.

    Show sources