top of page
ALL POSTS
Massive China-Linked Cybercrime Network Deploys 5,300+ Backdoors in 45,000+ Attacks
Key Findings Massive China-linked cybercrime operation discovered using automated systems called Paperclip (backend) and OpenClaw (workflow agent) Approximately 45,000 documented attack attempts with 5,300+ backdoor implants deployed across victims Targets include fintech companies, Web3 platforms, and security vendors Operation maintains centralized control enabling data enrichment and victim prioritization Attackers have compromised thousands of hosts with custom backdoors
May 22 min read
The Kill Chain Becomes Obsolete When Your Threat Is an AI Agent
Key Findings In September 2025, a state-sponsored threat actor deployed an AI coding agent that autonomously targeted 30 global organizations, handling 80-90% of tactical operations without human intervention AI agents operating inside corporate environments bypass traditional kill chain detection by leveraging legitimate access, permissions, and data workflows they were granted at deployment The OpenClaw crisis revealed that 12% of marketplace skills were malicious, with com
Mar 263 min read
OpenClaw AI Agent Vulnerabilities: Prompt Injection and Data Exfiltration Risks
Here's the markdown-formatted article based on the source material: Key Findings OpenClaw AI agent has multiple critical security vulnerabilities Prompt injection attacks can lead to data exfiltration and unauthorized system access Chinese authorities have moved to restrict OpenClaw usage in government and military environments Malicious actors are exploiting the platform's popularity to distribute malware Background OpenClaw is an open-source, self-hosted autonomous AI agent
Mar 152 min read
Infostealer Malware Steals OpenClaw AI Agent Configuration Files and Gateway Tokens
Key Findings Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim's OpenClaw configuration environment. The incident marks a significant evolution in infostealer behavior, transitioning from stealing browser credentials to targeting the identities, settings, and "digital souls" of personal AI agents. The stolen files included openclaw.json with gateway tokens, device.json containing private cryptographic keys, and "soul" and memory file
Feb 172 min read
bottom of page
