OpenClaw: Info Stealers Take Your Soul

OpenClaw: Info Stealers Take Your Soul

Author: Jim Love February 18, 2026 Duration: 10:32
Cybersecurity Today
NewsTechnology

Info Stealers Target OpenClaw, a Robot Vacuum API Flaw Exposes Thousands, Best Buy Fraud Shows Zero Trust Context, and Canada Goose Data Leaked via Supplier

The episode covers multiple security incidents and lessons. Hudson Rock details how an info stealer malware infection can vacuum OpenClaw data, including authentication tokens, master keys, device private cryptographic keys, and the agent-defining soul.md file that can reveal a "mirror" of a user's life; the attack was not targeted, raising concerns about upcoming dedicated OpenClaw-stealing modules. A hobbyist coder using an AI coding tool to reverse-engineer DJI Romo communications unintentionally accessed roughly 7,000 robot vacuums in 24 countries, enabling live camera and microphone access and floor-plan generation due to missing messaging-level access controls; DJI also shares infrastructure with portable home battery stations and initially claimed the flaw was fixed before a live demonstration showed it was not. Two Best Buy cases illustrate that Zero Trust must consider behavior and context: a Florida employee allegedly used a manager override code 149 times from March–December 2024 to buy discounted electronics, costing about $120,000, while a Georgia case involved over $40,000 in merchandise leaving a store over two weeks amid claims of blackmail. Finally, ShinyHunters leaked about 600,000 Canada Goose customer records, but Canada Goose found no breach in its systems; the data was attributed to a third-party payment processor breach from August 2025, with records largely dating from 2021–2023, underscoring supply-chain risk and ongoing fraud/phishing potential. The episode is sponsored by Meter, which provides an integrated wired, wireless, and cellular networking stack for enterprises.

00:00 Sponsor: Meter + Today's Cybersecurity Headlines
00:44 Info-Stealer Jackpot: OpenClaw Tokens, Keys & 'soul.md' Exposed
03:17 DIY App, Real-World Disaster: 7,000 Robot Vacuums Exposed via DJI Servers
05:34 Best Buy Insider Fraud: Why Zero Trust Needs Behavior Monitoring
07:36 Canada Goose Leak: When a Third-Party Payment Processor Gets Breached
09:28 Wrap-Up + Sponsor Message (Meter)


Every morning, Jim Love sifts through the noise of the digital world to bring you a clear, concise briefing on what actually matters. Cybersecurity Today isn't about fearmongering; it's about practical awareness. You'll hear straightforward analysis of the most recent attacks targeting companies, from sophisticated ransomware campaigns to stealthy data theft. Jim breaks down the implications of major breach disclosures, explaining not just what was stolen, but how it happened and who is affected. The focus remains on actionable intelligence-concrete steps and strategic thinking that can help protect your organization's data and infrastructure. This daily podcast serves as an essential filter for IT professionals, business leaders, and anyone responsible for digital assets, transforming complex threats into understandable insights. Tune in for a grounded perspective on navigating an online landscape where the risks are constantly evolving, and the need for clear, timely information has never been greater.
Author: Language: English Episodes: 100

Official website RSS
linkedin
Cybersecurity Today
Podcast Episodes
Emerging AI Threats and Innovations in Cybersecurity [not-audio_url] [/not-audio_url]

Duration: 15:29
In today's episode of Cybersecurity Today, host David Shipley discusses the latest developments and challenges in cybersecurity, including integrating AI into various systems, the rise of AI-driven security flaws, and th…
OpenClaw, MoltBot, Clawdbot - From Bad to Worse [not-audio_url] [/not-audio_url]

Duration: 11:50
In this episode of Cybersecurity Today, host Jim Love discusses the latest advancements in AI-driven cyber attacks and their implications for security infrastructure. The episode covers a variety of topics, including the…
Critical Cybersecurity Updates: Fortinet, Docker, and Android Malware [not-audio_url] [/not-audio_url]

Duration: 10:24
In this episode of Cybersecurity Today, Jim Love covers major vulnerabilities and security threats, including the exposure of over 3 million Fortinet devices, a critical flaw in Docker's AI assistant, and a sophisticated…
The Rise of Actionable AI Agents: Navigating the Security Landscape [not-audio_url] [/not-audio_url]

Duration: 14:53
In this episode of Cybersecurity Today, host Jim Love explores the burgeoning world of actionable AI agents, examining key developments from companies like Google and Anthropic. The episode delves into the rapid rise of…
What's App Privacy Lawsuit [not-audio_url] [/not-audio_url]

Duration: 13:11
Cybersecurity Today: WhatsApp Privacy Lawsuit, Google's Personal AI, Canada Computers Breach, and Mass Password Leak In this episode, host Jim Love discusses pressing cybersecurity issues, including a lawsuit against Wha…
AWS Flaw Could Have Put Every Account At Risk [not-audio_url] [/not-audio_url]

Duration: 11:56
Cybersecurity Today: Critical Fortinet Flaws, Windows 11 Issues, and Major Cloud Security Near Miss In today's episode of Cybersecurity Today, host David Shipley covers several pressing cybersecurity topics including the…

«12345678910»