Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to their owners for every package already published. In this Help Net Security video, Ax Sharma, Head of Research at Manifold Security, breaks down how 23 code-executing plugins ended up under ClawHub’s official @openclaw and @clawhub scopes while … More →
The post 23 ClawHub plugins squatting official scopes expose AI registry security gaps appeared first on Help Net Security.
AryStinger Botnet Uses Intranet Scanning and Traffic Tunneling to Hide Attacker Activity
A newly analyzed botnet family, AryStinger, weaponizes long‑neglected routers and NAS appliances to build a stealthy reconnaissance and relay infrastructure that helps attackers obscure origin
.webp?w=0&resize=0,0&ssl=1 "North Korean Hackers Abuse Mastra npm Supply Chain to Target Developers and CI/CD Pipelines")