6 February 2026

Cybercriminals exploit OpenClaw AI assistant to spread malware | Cyber Intelligence Briefing: 6 February 2026

Top news stories this week

  1. Clawpocalypse now! Cybercriminals exploit OpenClaw AI assistant to spread malware.
  2. Back (up) for good. Ransomware threat actors exfiltrate data but choose not to encrypt.
  3. Penny dropped. Accidental third-party insider leak confirmed at Coinbase.
  4. Lessons learned? Cybercriminals target parents after failed initial extortion attempts.
  5. Child’s play. AI-enabled toy records children’s conversations with inadequate security.
  6. Data cycle. Subscriber data from Seoul City’s bike-sharing system, Ttareungi, potentially exposed in compromise.

1. Cybercriminals exploit OpenClaw AI assistant to spread malware 

The OpenClaw AI personal assistant, previously known as ClawdBot and MoltBot, has been abused by cybercriminals who gained remote access to users’ systems through misconfigured OpenClaw administrator interfaces. The attackers also leveraged the platform in a supply chain attack by injecting info‑stealing malware onto users' devices.  

So what?

Organisations must carefully evaluate the security risks associated with using AI assistants. Misconfigured AI agents can leak and misuse accessed data, so training on the risks associated with AI tools is vital.

[Researcher: Milda Petraityte]


2. Ransomware threat actors exfiltrate data but choose not to encrypt 

Iron Mountain, a data storage and recovery services company, has disclosed that a recent data breach claimed by the Everest threat actor group was limited to marketing materials. In this incident, the attackers chose not to encrypt their victim’s systems, focusing on data exfiltration.

So what?

Threat actors' tactic of limiting their actions to data exfiltration may be a result of generally improved backup processes on the part of companies. Instead of encrypting systems, they leverage the threat of leaking sensitive data.

[Researcher: Lester Lim]


3. Accidental third-party insider leak confirmed at Coinbase 

A small number of Coinbase customers were subject to a data breach after a contractor accidentally disclosed customer information through a support tool screenshot. While Coinbase has contacted those impacted, it is unclear if any threat actors were involved in the initial breach or if it has been a purely accidental data leak.

So what?

Third-party risks include malicious and accidental insider risks. It is important to ensure that operational security measures are clear with employees and any Business Process Outsourcing centres, especially where access to critical or sensitive data is granted.

[Researcher: Jenny Eysert]


4. Cybercriminals target parents after failed initial extortion attempts  

A group of Belgian parents became the target of extortion demands after cybercriminals failed to extort their primary victim, a high school in Antwerp. The cybercriminals initially demanded EUR 15,000, but after the school refused to pay, the hackers turned their attention to individual victims.

So what?

Extortion risks extend beyond the organisation itself. Organisations should be prepared for the possibility that a cyberattack could evolve to target individuals directly.

[Researcher: Jenny Eysert]


5. AI-enabled toy records children’s conversations with inadequate security 

Bondu, the maker of AI-enabled toys, left over 50,000 chat logs of children unprotected through its web portal. The portal, containing conversation transcripts, was accessible using only a Gmail account. Bondu has since secured the portal and released a statement addressing these concerns.  

So what?

This issue highlights the growing concern with data privacy and AI. Organisations seeking to deploy AI capabilities in their products or services must ensure robust security and governance. 

[Researcher: Steve Ross]


6. Seoul’s bike sharing service suffers suspected data breach  

Seoul Metropolitan Police and Metropolitan Government have launched a joint emergency response center after discovering a breach of the city’s bike sharing service, Ttareungi. While the full extent of the data breach is under investigation, the original incident (believed to have occurred in 2024) is suspected to impact approximately 4.5 million users.

So what?

With increasing regulatory scrutiny of data security, it is important for organisations to understand where critical data resides within their environment and to evaluate the controls required to protect data and detect its unauthorised movement.

[Researcher: Adelaide Parker]

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.
