Risky Bulletin: Plone CMS stops supply-chain attack

11 snips

Feb 4, 2026

A halted supply‑chain sabotage against a CMS and a six‑month compromise of Notepad++ servers that pushed targeted backdoor updates. A spike in malicious OpenClaw skills and a massive API token leak. French police raids tied to AI deepfake nudity probes and companies disabling license‑plate readers after unauthorized access.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

OpenClaw Skills And Token Leak Surge

Malicious OpenClaw skills ballooned from 28 to 400 in a week, often stealing credentials or deploying malware.
A misconfigured database also exposed over 1.5 million API tokens and agent messages for the Maltbook platform.

ADVICE

Scan Extensions For Malicious Patterns

OpenVSX will scan VS Code extensions for malicious code, typo-squats and leaked credentials to curb malware.
Relying on marketplace scanning reduces the risk from self-replicating extensions like Glassworm.

ANECDOTE

Paris Raids Linked To AI Nude-Image Feature

French authorities and Europol raided X's Paris offices over child sexual abuse images and deepfakes tied to a new AI feature.
Elon Musk and former CEO Linda Yaccarino were summoned to hearings in April related to the investigation.

Get the Snipd Podcast app to discover more snips from this episode