Cyber: ⚡ Weekly Recap: AI Skill Malware, 31tbps Ddos, Notepad++ Hack, Llm...

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths.

A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even trusted AI workflows. Instead of breaking security controls head-on, they’re slipping into places that already have access.

This recap brings together those signals — showing how modern attacks are blending technology abuse, ecosystem manipulation, and large-scale targeting into a single, expanding threat surface.

OpenClaw announces VirusTotal Partnership — OpenClaw has announced a partnership with Google's VirusTotal malware scanning platform to scan skills that are being uploaded to ClawHub as part of a defense-in-depth approach to improve the security of the agentic ecosystem. The development comes as the cybersecurity community has raised concerns that autonomous artificial intelligence (AI) tools' persistent memory, broad permissions, and user‑controlled configuration could amplify existing risks, leading to prompt injections, data exfiltration, and exposure to unvetted components. This has also been complemented by the discovery of malicious skills on ClawHub, a public skills registry to augment the capabilities of AI agents, once again demonstrating that marketplaces are a gold mine for criminals who populate the store with malware to prey on developers. To make matters worse, Trend Micro disclosed that it observed malicious actors on the Exploit.in forum actively discussing the deployment of OpenClaw skills to support activities such as botnet operations. Another report from Veracode revealed that the number of packages on npm and PyPI with the name "claw" has increased exponentially from nearly zero at the start of the year to over 1,000 as of early February 2026, providing new avenues for threat actors to smuggle malicious typosquats. "Unsupervised deployment, broad permissions, and high autonomy can turn theoretical risks into tangible threats, not just for individual users but also across entire organizations," Trend Micro said. "Open-source agentic tools like OpenClaw require a higher baseline of user security competence than managed platforms."

Traditional firewalls and VPNs aren’t helping—instead, they’re expanding your attack surface and enabling la

Source: The Hacker News