AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

mediumnews

securitypolicy

Source: The Hacker NewsFebruary 9, 2026

Summary

This recap highlights how attackers are exploiting trusted tools and marketplaces rather than breaking security controls directly. Key threats include malicious skills appearing in ClawHub (a registry for AI agent add-ons), a record-breaking 31.4 Tbps DDoS attack (a flood attack that overwhelms servers with massive traffic), and compromised update infrastructure for Notepad++ being used to distribute malware. The pattern shows attackers are abusing trust in updates, app stores, and AI workflows to gain access to systems.

Solution / Mitigation

OpenClaw has announced a partnership with Google's VirusTotal malware scanning platform to scan skills uploaded to ClawHub as part of a defense-in-depth approach to improve security. Additionally, the source notes that open-source agentic tools like OpenClaw require users to maintain higher baseline security competence than managed platforms.

Classification

Attack Type

Supply ChainPrompt InjectionData Extraction

Attack SophisticationModerate

Affected Vendors

Related Issues

high

Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports

Similar attackTechCrunch

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

Original source: https://thehackernews.com/2026/02/weekly-recap-ai-skill-malware-31tbps.html

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 85%