The Plone CMS stops a supply chain attack, French cops raid X's Paris office, the number of malicious OpenClaw skills grows, and a Chinese APT hacked Notepad++ servers. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 4th of February and this podcast episode is brought to you by Dropzone AI.

In today's top story, a threat actor managed to insert code into the Plone CMS project, but the modifications were removed before release. The incident occurred in January. The attacker compromised a developer on the project. Their personal account token was used to add code that was designed to steal credentials, API keys and crypto wallet data, according to GitHub's security team. The code targeted developers working with Plone rather than visitors to Plone-based sites.

In other news, the number of malicious skills on the ClawHub portal reached 400 on Tuesday, up from 28 last week. OpenClaw is an open source AI assistant that users can connect to their apps and personal accounts; add-on skills from the portal allow the AI to perform additional tasks. Security researchers recently spotted a growing number of malicious OpenClaw skills that steal user credentials or deploy malware. The assistant was previously known as Clawdbot or Moltbot.

More than 1.5 million API tokens were exposed in a backend database for the Moltbook AI platform, according to reports. The platform is a social network for OpenClaw personal AI assistants. Cloud security firms Permiso and Wiz reported on the leak. They said it exposed the API tokens, messages between agents and information on the owners. The source of the leak was a misconfigured Supabase database that was left exposed on the Internet with full read and write permissions.

The Eclipse Foundation will roll out a series of security features for the VS Code extension marketplace Open VSX. The platform will scan extensions for malicious code, typosquatted names and accidentally included credentials. In recent months, Open VSX has hosted hundreds of malicious extensions, including the self-replicating malware GlassWorm.

The French offices of social media network X have been raided by Europol and local authorities. The raids were part of a criminal investigation over child sexual abuse images and pornographic deepfakes. The investigation was triggered by the Grok AI feature that allows X users to generate nude images. X CEO Elon Musk and former CEO Linda Yaccarino have been summoned to appear at hearings in April.

The California city of Mountain View will disable Flock automated license plate readers, officials say. The move comes after out-of-state agencies accessed the city's data without its consent. They also said Flock failed to notify them of the unauthorised access.

A Chinese state hacking group spent six months inside the server infrastructure of the Notepad++ app. Cybersecurity firm Rapid7 has linked last year's attack to a group known as Billbug and Lotus Blossom. The attackers used the access to ship malicious updates to a specific set of targets. The final payload was a novel backdoor named Chrysalis.

Hackers who breached a Belgian high school are extorting parents after the school refused to pay a ransom. They're demanding €50 from each parent. The hack targeted the Our Lady Institute Pulhof school in Antwerp last month. The original ransom demand was €15,000.

Hackers have stolen almost $30 million worth of tokens from the Step Finance DeFi platform. The company says the hackers used a well-known attack vector to access its treasury wallets. The platform's token plummeted more than 80% following the hack. Meantime, hackers have stolen $3 million from the CrossCurve cryptocurrency bridge after exploiting a bug in its smart contracts. The company's CEO, Boris Pover, has threatened to take legal action against the attacker if they don't return the funds in three days. This will include a criminal complaint and a separate civil litigation.

The NationStates browser game has reported a security breach. A player of the game gained access to a production server and downloaded the game's source code and user data. NationStates says emails, passwords and IP addresses were exposed. The player has apologised.

IT retailer Canada Computers has suffered a security breach that exposed customer card data. Malicious code was added to the Canadian company's website in December. Customers who used the guest checkout option had their payment card details and personal information collected.

Meta is now using a Rust component to safely process media files shared on WhatsApp. Meta moved to Rust after the majority of WhatsApp's security flaws were caused by memory safety bugs in its C and C++ code. The company says it will prefer using memory-safe languages like Rust for future code.

Citrix devices have been targeted in a recent reconnaissance campaign. More than 60,000 residential IPs were used to search for the login pages of Citrix ADC and NetScaler Gateway devices. According to GreyNoise, reconnaissance activity like this typically precedes exploitation.

CISA has quietly updated entries for 59 vulnerabilities on the KEV list. The updates tagged the vulnerabilities as having been used in ransomware attacks. Security firm GreyNoise says the updates are welcome, but most security teams would not be aware of them since the agency didn't announce the update.

Threat actors are exploiting a vulnerability in Metro, a development server that ships with the React Native app framework. The vulnerability was disclosed in November and attacks started a month later. It's an unauthenticated OS command injection flaw. Security firm VulnCheck has spotted attacks targeting Windows systems with PowerShell-based loaders.

The Nitrogen ransomware contains a bug that permanently corrupts encrypted files. The bug overwrites a part of the ransomware's public key. It only impacts the variant of Nitrogen that targets VMware ESXi. Security firm Emsisoft has urged victims to avoid paying the attackers since they won't be able to decrypt their files.

An underground cybercrime service that sold code signing certificates has exit scammed. The certificates were used by multiple malware operations to sign their payloads. The service, Globalman, claims its source code was compromised. Funds deposited by customers have also disappeared.

A cybercrime operation known as NyashTeam has survived a takedown by Russian authorities. Russian security firm F6 found new server infrastructure and malware developed by the group. Russia's national domain registrar seized 110 domains operated by the group last July. NyashTeam has been active since 2022 and primarily develops remote access trojans.

And finally, nearly a third of Meta ads shown over 23 days in Europe and the UK pointed to online scams. A small cluster of 10 advertisers were responsible for more than 50 of the malicious ads. The ads and the scam sites shared payment and infrastructure linked to China and Hong Kong. Gen Digital believes this is an indicator of an organised, industrial-scale operation.

And that is all for this podcast edition. Today's show was brought to you by our sponsor DropZone AI. Find them at DropZone AI. Thanks to your company.
Podcast: Risky Bulletin | Host: risky.biz
Episode Date: February 4, 2026 | Read by Claire Aird, Reported by Catalin Cimpanu
This episode of the Risky Bulletin delivers a rapid-fire roundup of the latest cybersecurity news, focusing on supply-chain attacks, data leaks, law enforcement actions, major breaches, and new vulnerabilities. The headline story covers how the Plone CMS averted a targeted supply-chain compromise, with additional updates on malicious AI skills, high-profile raids, new malware, and security industry shifts.
"A threat actor managed to insert code into the Plone CMS project, but the modifications were removed before release." – Claire Aird, [00:13]
"Security researchers recently spotted a growing number of malicious OpenClaw skills that steal user credentials or deploy malware." – Claire Aird, [01:21]
"A Chinese state hacking group spent six months inside the server infrastructure of the Notepad++ app." – Claire Aird, [03:24]
"A small cluster of 10 advertisers were responsible for more than 50 of the malicious ads." – Claire Aird, [07:38]
On the Plone breach:
"The code targeted developers working with Plone rather than visitors to Plone-based sites." – Claire Aird, [00:33]
On supply-chain vigilance:
"The attacker compromised a developer on the project. Their personal account token was used to add code that was designed to steal credentials, API keys and crypto wallet data." – Claire Aird, [00:17]
On AI skill threats:
"Malicious skills on the ClawHub portal reached 400 on Tuesday, up from 28 last week." – Claire Aird, [01:10]
On law enforcement action:
"The French offices of social media network X have been raided by Europol and local authorities. The raids were part of a criminal investigation over child sexual abuse images and pornographic deepfakes." – Claire Aird, [02:37]
On crypto platform hacks:
"Hackers have stolen almost $30 million worth of tokens from the Step Finance DeFi platform. The company says the hackers used a well-known attack vector to access its treasury wallets." – Claire Aird, [04:37]
The episode maintains a brisk, factual tone, delivering cybersecurity developments with clarity and urgency. It is densely packed with technical detail but accessible to security professionals and a wider tech-savvy audience.
For more in-depth stories and cybersecurity analysis, tune in to future Risky Bulletin episodes.