
Risky Bulletin: Plone CMS stops supply-chain attack
Feb 4, 2026
A halted supply‑chain sabotage against a CMS and a six‑month compromise of Notepad++ servers that pushed targeted backdoor updates. A spike in malicious OpenClaw skills and a massive API token leak. French police raids tied to AI deepfake nudity probes and companies disabling license‑plate readers after unauthorized access.
AI Snips
Supply-Chain Inserted Code Targeted Developers
- A threat actor inserted credential-stealing code into the Plone CMS project by compromising a developer's account token.
- GitHub's team said the malicious changes targeted developers, not site visitors, and were removed before release.
OpenClaw Skills And Token Leak Surge
- Malicious OpenClaw skills ballooned from 28 to 400 in a week, often stealing credentials or deploying malware.
- A misconfigured database also exposed over 1.5 million API tokens and agent messages for the Moltbook platform.
Scan Extensions For Malicious Patterns
- OpenVSX will scan VS Code extensions for malicious code, typo-squats and leaked credentials to curb malware.
- Relying on marketplace scanning reduces the risk from self-replicating extensions like Glassworm.
