Cybersecurity Headlines

OpenClaw targets ClawHub users, Notepad++ update delivers malware, APT28 attackers abuse Microsoft Office zero-day

Feb 3, 2026
Malicious OpenClaw skills on ClawHub fooled users into running crypto malware. A compromised Notepad++ update redirected installs to malicious servers. APT28 is exploiting a Microsoft Office zero-day in phishing campaigns against Ukraine and EU targets. Massive DDoS activity and SaaS extortion tactics, plus a Windows update shutdown bug and security failures in Polish energy infrastructure, make for a busy news roundup.
INSIGHT

OpenClaw Skills Are High-Risk

  • OpenClaw's unsandboxed, rapidly rebranding skills model made it easy to weaponize against crypto users.
  • Researchers found at least 14 malicious skills on ClawHub that fetched obfuscated commands to install malware on Windows and macOS.
ADVICE

Harden Your Update Pipeline

  • Move critical projects away from single, trusted update hosts and harden update processes after supply-chain compromises.
  • Notepad++ changed providers and strengthened its updater after attackers hijacked hosting-level update redirection.
INSIGHT

Zero-Day Disclosure Sparked Rapid Exploitation

  • Public disclosure of a Microsoft Office zero-day led to immediate APT28 exploitation across Ukraine and the EU.
  • Attackers delivered malicious Word docs that pull down malware and deploy the Covenant post-exploitation framework.