OpenClaw and Moltbook: Inside the Rise of Autonomous AI Agents
OpenClaw (formerly Clawdbot and Moltbot) is a fast-growing open-source digital assistant framework built by Peter Steinberger. The project is just two months old and already has over 114,000 GitHub stars. Designed around modular “skills” shared via clawhub.ai, it enables deep system automation across messaging platforms. Moltbook extends this ecosystem into a social network where AI agents post, comment, and exchange discoveries. It is installed through a markdown-based skill and powered by OpenClaw’s Heartbeat system, which fetches remote instructions every four hours, dramatically expanding capabilities while heightening security risks.
Agents now automate smartphones, monitor servers, process media, and expose model limitations, including filtering failures in Anthropic’s Claude Opus 4.5. As adoption accelerates, users increasingly isolate deployments on dedicated Mac Minis, underscoring growing concerns around safety. Meanwhile, DeepMind’s CaMeL proposal remains the most promising yet unrealized framework for building secure autonomous assistants, leaving a widening gap between real-world experimentation and reliable safeguards.
More via Simon Willison's Weblog
State Hackers Hijack Notepad++ Updates in Months-Long Supply-Chain Attack
State-sponsored attackers hijacked Notepad++’s software update mechanism, redirecting traffic from notepad-plus-plus.org to malicious servers through an infrastructure-level breach at its hosting provider, not through vulnerabilities in the application’s code, developer Don Ho said. The compromise allowed poisoned executables to be delivered via WinGUp, the built-in updater, by exploiting weaknesses in how update files’ integrity and authenticity were verified, enabling attackers to substitute malicious binaries during intercepted downloads. The flaw came to light a little over a month after the release of Notepad++ version 8.8.9, which addressed the issue.
The campaign is assessed to have begun in June 2025 and was highly targeted. Independent security researcher Kevin Beaumont attributed the exploitation to Chinese threat actors linked to the nation-state group Violet Typhoon (APT31), which focused on telecommunications and financial services organizations in East Asia. According to Ho, the shared hosting server remained compromised until September 2, 2025, and attackers retained credentials to internal services until December 2, 2025, enabling prolonged redirection of update traffic. In response, Notepad++ migrated to a new hosting provider and strengthened its update process with additional security controls.
More via The Hacker News
SystemBC Malware Hits 10,000+ Global IPs, Targets Government Sites
SystemBC, aka Coroxy or DroxiDat, has compromised over 10,000 IPs worldwide, including government systems and websites in Burkina Faso and Vietnam. Active since 2019, it turns devices into SOCKS5 relays to route traffic and maintain access. Silent Push’s 2025 tracking found infections concentrated in the US, Germany, France, Singapore, and India, often in data centers, lasting 38–100+ days.
A Perl Linux variant evaded 62 antivirus engines. SystemBC typically precedes ransomware and uses bulletproof hosting, including BTHoster and AS213790 (BTCloud), underscoring the need for proactive monitoring.
More via Infosecurity Magazine
Eight Minutes to Admin: AI-Assisted Cloud Attack Hits AWS
On 28 November 2025, the Sysdig Threat Research Team observed an attacker seize a company’s cloud in just eight minutes using exposed AI-labeled S3 credentials. The intruder mapped Secrets Manager, RDS, and CloudWatch via a ReadOnlyAccess account, then escalated privileges by injecting Lambda code to hijack the administrative ‘frick’ account.
The AI-assisted LLMjacking ran Claude 3.5 Sonnet, DeepSeek R1, and Amazon Titan, and attempted to start a high-cost GPU machine, stevan-gpu-monster (£18,000/month). The attacker evaded detection with IP rotation and 19 identities, targeted a child account, attempted lateral movement via OrganizationAccountAccessRole, and triggered AI hallucinations using fake AWS IDs.
More via Hackread
Critical Looker Vulnerabilities Exposed by Tenable
Tenable has revealed two severe vulnerabilities, named LookOut, in Google Looker, the platform for centralizing datasets and dashboards. Both flaws require developer-level access: one allows remote code execution with full administrative control and potential cross-tenant access in cloud instances; the other enables full MySQL database exfiltration via SQL injection.
Google patched cloud-hosted instances in September 2025; self-hosted users must update manually. These findings underscore ongoing risks in enterprise business intelligence platforms.
More via SecurityWeek
Elsewhere Online:
SolarWinds Web Help Desk Users Warned of Remote Code Execution Exploits
Read: https://www.theregister.com/2026/02/04/critical_solarwinds_web_help_desk/
Critical Security Flaw in Bondu AI Toys Grants Unauthorized Access to Kids' Personal Data
Read: https://arstechnica.com/security/2026/01/web-portal-leaves-kids-chats-with-ai-toy-open-to-anyone-with-gmail-account/
Russian APT28 Group Rapidly Weaponizes Newly Patched Office Vulnerability
Read: https://www.securityweek.com/russias-apt28-rapidly-weaponizes-newly-patched-office-vulnerability/
SQL Injection Flaw in Popular Quiz Plugin Permits Unauthorized Database Queries
Read: https://www.infosecurity-magazine.com/news/wordpress-sql-injection-flaw-40000/
Chinese Hacking Group Amaranth Dragon Targets Southeast Asia via WinRAR Flaw
Read: https://thehackernews.com/2026/02/china-linked-amaranth-dragon-exploits.html