You’re no OpenClaw!
IT Brew // Morning Brew // Update
New malware mimics the popular AI agent platform.

It’s Monday! You lost an hour this weekend, thanks to daylight saving time. Now lose another one trying to write that script that alerts you when the coffee pot is empty.

In today’s edition:

A claw unto itself

Dragos hunting

Prepare for the ’ware

—Eoin Higgins, Billy Hurley, Caroline Nihill

CYBERSECURITY

OpenClaw Clawdbots

Probably better to keep the claw closed.

OpenClaw, the AI assistant that’s become globally popular in recent months, is increasingly being used by attackers as a threat vector. On March 4, cybersecurity platform provider Huntress debuted research showing that threat actors are using open-source repositories for OpenClaw installs to infect systems.

Report author Jai Minton, Huntress senior manager of detection engineering and threat hunting, told IT Brew that the exploit he discovered, which was shut down by GitHub, worked by giving users a false install that instead delivered malware via a packer known as Stealth Packer.

“In OpenClaw, there have been malicious skills files that are out there in the wild at the moment, but this is a separate issue,” Minton said. “Instead of doing that, they’re making their own malware look like the legitimate installers for OpenClaw, or Claude, or whatever the hot tool of the day is.”

Learn what the imposter does to your firewall.—EH

CYBERSECURITY

VPNs can help communications stay secure—but they also present an attack vector in the wrong hands, according to a 2025 year in review from Dragos. The operational-technology cybersecurity company highlighted recent attack paths from a range of ransomware actors, hacktivists, and coordinated groups interested in accessing and disrupting critical operations.

Dragos revealed that attackers are getting into OT environments via access gateways like virtual private networks (VPNs), with almost 3 out of 4 use cases (73%) involving the active exploitation or credential reuse of VPNs, “jump hosts,” and other remote-access points.

“Adversaries have realized these are highly connected environments, and they’re targeting them directly, and those targeting them directly is a much lower barrier of entry than going through all of the enterprise security stack to get to it,” CEO Robert M. Lee told reporters on Feb. 10, adding that Dragos tracked 3,318 ransomware attacks on industrial organizations in the last year. (Dragos tracked just under 1,700 industrial-org ransomware attacks in 2024.)

The company has also noted that adversaries have progressed from lurking in systems to actively creating playbooks for disruption.

See what plays they’re running.—BH

CYBERSECURITY

According to some experts, ransomware is one of the biggest cybersecurity threats facing the private sector today. It’s crucial that organizations understand the risk of being attacked and how to handle the event if it happens—including an emergency plan.

How much risk am I at? Ransomware affects “everybody left, right, and center,” according to Rishika Desai, a threat researcher and technical writer at BforeAI.

Experts like Paul Caiazzo, the chief threat officer at Quorum Cyber, agree with that assessment. He said that ransomware is “the most salient, pressing threat” for many organizations.

“There’s not a bigger, more disruptive cybersecurity threat that your average organization is going to face,” Caiazzo said. “There are some organizations that may be more concerned about espionage-related adversaries or attacks, but the ransomware scourge is so prolific that [it] doesn’t matter what size organization you are, whether or not you think you’re a target—you are a target, even opportunistically.”

Many ransomware attacks are identified and stopped before the actual ransom attempt, which makes it difficult to ascertain the attackers’ ultimate plans. However, according to Sophos Principal Threat Researcher Keith Jarvis, ransomware is “probably the largest slice” of the cybercrime pie.

What’s your plan?—CN

PATCH NOTES

Today’s top IT reads.

Stat: 56. That’s the number of AA batteries YouTube creator ScuffedBits needed to play Minesweeper for five minutes on a PC modified to run off batteries. (Tom’s Hardware)

Quote: “We definitely saw that there’s still a bias towards the human, not even human in the loop, but human as a knowledge base and an area of expertise.”—Victoria Papalian, COO at training provider Udacity, on a recent study revealing reluctance to replace employees with AI tools (CIO)

Read: How to tell if your TV is watching you. (PCMag)

Copyright © 2026 Morning Brew Inc. All rights reserved.