Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing’s AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware.

OpenClaw is an open-source AI agent that gained popularity as a personal assistant capable of executing tasks. It has access to local files and can integrate with email, messaging apps, and online services.

Due to its widespread local access, threat actors saw an opportunity to collect sensitive information by publishing malicious skills (instruction files) on the tool’s official registry and GitHub.

Researchers at managed detection and response company Huntress discovered a new campaign last month that spread multiple executables for malware loaders and infostealers to users looking to install OpenClaw.

According to the researchers, the threat actor set up malicious GitHub repositories posing as OpenClaw installers, which were recommended by Bing in its AI-powered search results for the Windows version of the tool.

Bing AI’s suggested download link in the image above points to a malicious OpenClaw installer on GitHub, Huntress researchers said in a report.

The researchers say that “just hosting the malware on GitHub was enough to poison Bing AI search results.”

A fake OpenClaw repository that Huntress analyzed appeared legitimate at a quick look, as the threat actor tied it to a GitHub organization named openclaw-installer. This may also have carried some weight in Bing’s AI recommendation.

The GitHub accounts publishing these repositories were newly created, but attempted to increase their legitimacy by copying real code from the Cloudflare moltworker project.

However, the repository provided an installation guide for OpenClaw on macOS, instructing the user to paste a bash command in Terminal. This would reach a separate GitHub organization called puppeteerrr and a repository named dmg.

“The repository contained a number of files that followed a theme of containing a shell script paired with a Mach-O executable,” which Huntress identified as the Atomic Stealer malware.

For Windows users, the threat actor used the fake repositories to deliver OpenClaw_x64.exe, which deployed multiple malicious executables. Huntress says that the Windows Managed AV and Managed Defender for Endpoint solutions quarantined the files on the customer’s machine that they analyzed.

Most of the executables were Rust-based malware loaders that executed information stealers in memory, the researchers said, adding that one of the payloads was Vidar stealer that contacted Telegram and Steam user profiles to get command-and-control (C2) data.

Another Windows executable delivered this way was the GhostSocks backconnect proxy malware, designed to convert users’ machines into a proxy node.

An attacker can use the system to access accounts with credentials stolen from the machine, thus bypassing anti-fraud checks. Threat actors also use proxy nodes to route malicious traffic or to hide their tracks in attacks.

While investigating, Huntress identified multiple accounts and repositories used in the same campaign, which delivered malware to users seeking OpenClaw installers.

All of the malicious repositories have been reported to GitHub, though it’s unclear if they have been removed by now.

The official OpenClaw repository on GitHub is here. It is recommended to bookmark the official portals of the software you’re using instead of searching online each time.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Advertisement

Download The Report

A new report from the U.S. Public Interest Research Group (PIRG) Education Fund has raised concerns about the growing use of artificial intelligence chatbots in children’s toys, warning that some of these systems may not be suitable for young users. According to the report, several AI-powered toys integrate chatbot technology that can generate responses similar to those used in adult-focused AI services, potentially exposing children to inappropriate or misleading content.

The study examined a range of toys that incorporate conversational AI features, including interactive dolls, robots, and educational gadgets. Many of these products allow children to speak with a toy that responds in natural language, powered by large language models similar to those used in widely available AI chatbots.

While the technology can make toys more interactive and educational, PIRG researchers argue that the safeguards built into some products may not be strong enough to protect younger audiences. In particular, the report highlights that the underlying AI systems often originate from platforms designed primarily for general users rather than children.

Because of this, the AI responses generated by these toys could potentially include information or conversational themes that are more appropriate for adults than children. The report also warns that the AI may produce inaccurate answers or unpredictable responses, which could confuse young users who tend to trust toys as reliable sources of information.

Researchers reviewing the toys’ documentation and privacy policies also found that some products rely heavily on cloud-based AI systems

This means children’s voice interactions may be transmitted to external servers where the data is processed and used to generate responses. Privacy advocates say this raises additional concerns about how children’s data is stored and used. Some toys may collect audio recordings, user prompts, or other personal information during conversations. If these systems are not carefully designed with child privacy protections, the data could potentially be misused or stored without clear safeguards.

The report also points out that many AI-powered toys include disclaimers buried in their terms of service or product documentation. These disclaimers sometimes state that the AI responses may not always be accurate or appropriate, effectively shifting responsibility onto parents while the toy itself is marketed directly to children.

This situation matters because AI technology is increasingly entering everyday consumer products, including items designed specifically for young audiences. Toys that simulate conversations can have a powerful influence on children, who often treat them as companions or learning tools.

Experts say children may have difficulty distinguishing between reliable information and AI-generated responses that are speculative, biased, or incorrect. As AI systems continue to evolve, ensuring that these technologies are adapted for child safety will become increasingly important.

The findings also highlight a broader regulatory challenge

While many countries have laws designed to protect children’s online privacy, such as the Children’s Online Privacy Protection Act (COPPA) in the United States, these regulations were developed before the rise of generative AI.

Advocacy groups argue that regulators may need to update safety standards and guidelines to address how AI systems interact with children through connected devices.

The PIRG report calls on toy manufacturers to implement stronger safeguards, including stricter content filtering, clearer disclosure about AI use, and more transparent data practices. It also recommends that companies design AI systems specifically for children rather than repurposing models originally built for adult audiences.

Looking ahead, researchers say collaboration between technology companies, regulators, and child safety experts will be necessary to ensure that AI-powered toys remain both innovative and safe.

As artificial intelligence becomes more integrated into everyday products, the challenge will be balancing the benefits of interactive technology with the responsibility to protect younger users from potential risks.

British hi-fi brand Leak has unveiled its first dedicated music streamer, the TruStream, blending modern network audio features with the brand’s signature mid-century styling.

The new component is designed to sit alongside Leak’s revived hi-fi lineup — including the Leak Stereo 130 and Leak Stereo 230. However, it shifts the focus firmly to modern streaming setups.

Inside, the TruStream runs on a streaming platform developed with Silent Angel, using multi-core ARM Cortex-A72 and A53 processors to handle playback and networking.

Additionally, the platform powers a dedicated control app on iOS and Android based on Silent Angel’s VitOS software. It also supports popular streaming services like Spotify Connect, Tidal Connect, Qobuz Connect and TuneIn internet radio.

Advertisement

There are plenty of ways to get music in and out of the device too. Dual-band Wi-Fi and Gigabit Ethernet handles network streaming, while there’s USB-C for direct playback from a PC or Mac, plus two USB-A ports for storage drives. Furthermore, the streamer also offers optical and coaxial digital outputs for connecting to an external DAC.

Advertisement

For analogue systems, Leak includes both balanced XLR and RCA outputs. There is also a built-in headphone amplifier with a 6.35mm jack for direct listening.

The digital-to-analogue conversion is handled by the ESS Sabre ES9038Q2M, a 32-bit DAC paired with Leak’s custom Class A output stage and dedicated clock and power circuitry. This design is intended to minimise noise and distortion while preserving dynamic range and detail.

Hi-res support is extensive. The TruStream can play PCM audio up to 32-bit/768kHz and native DSD512. It also supports formats like FLAC, ALAC, WAV, AIFF and APE, plus lossy standards such as MP3 and AAC.

Advertisement

Despite all the modern tech, the design is intentionally retro. The streamer sits inside a walnut-veneered cabinet over an aluminium chassis. This is a look clearly inspired by Leak’s classic hi-fi gear from the 1960s and 70s.

The Leak TruStream will be available from April with a retail price of £999.

Advertisement

First, Hyundai “is discontinuing its most affordable electric sedan after just three years on the market,” reports USA Today. After being introduced in 2022, the Hyundai Ioniq 6 “quickly gained the admiration of automotive critics because of its affordable pricing and capable performance specs.” But now, Hyundai “is axing the most affordable versions of the EV, leaving consumers with only one Ioniq 6 option.”

Hyundai will continue to produce the Ioniq 6 N performance trim, which is the quickest and most powerful iteration of the Ioniq 6. It’s also the most expensive. The South Korean automaker is getting rid of lower Ioniq 6 trims due to “disappointing sales and tariff considerations,” according to Cars.com. Hyundai sold 10,478 Ioniq 6 models in 2025, dropping 15% from 12,264 units in 2024, a company sales report stated. Hyundai’s Ioniq 6 is mainly produced in South Korea, so it faces high import tariffs.

Sales increased for their earlier IONIQ 5 model, reports the EV blog Electrek, “up 14% through the first two months of 2026, with 5,365 units sold… Meanwhile, IONIQ 6 sales slid 77% with only 229 units sold in February.”

Elsewhere they report that Kia’s EV6 and EV9 “didn’t fare much better with sales down 53% (600 units sold) and 40% (819 units sold), respectively.” Now a Kia spokesperson tells Car and Driver that the 2025 EV6 GT and 2026 EV9 GT “will be delayed until further notice.” They attributed the move to “changing market conditions,” but added that this delay “does not impact the availability of other trims in the EV6 and EV9 lineups.”

More from Electrek:

The news comes after Kia already said it was delaying the EV4, its entry-level electric sedan, “until further notice.” It was expected to arrive in the US this year alongside the EV3, Kia’s compact electric SUV that’s already a top-seller in the UK, Europe, and other overseas markets.

While Hyundai didn’t directly say it, since the EV3, EV4, EV6 GT, and Hyundai IONIQ 6 are built in Korea, the Trump administration’s import tariffs and other policy changes are likely the biggest reason to blame here. Kia and Hyundai, like many others, are hesitant to bring new EVs to the US due to the changes. The IONIQ 6, EV6 GT, and EV9 GT join a string of other models that have either been postponed or canceled altogether.

Over the past week, residents across the Gulf have watched missiles and drones cross the night sky—sometimes followed seconds later by bright flashes as air-defense systems intercept them. In cities like Dubai and Abu Dhabi, videos of interceptions have spread quickly across social media, turning what is normally a largely unseen security architecture into something suddenly visible.

Authorities have urged people not to film or share footage online of interceptions or military activity, warning that such videos could reveal sensitive information about defense operations.

Iran has launched waves of missile and drones toward several Gulf countries in retaliation for US-Israeli strikes which killed Iranian supreme leader Ali Khamenei. These attacks have triggered air-defense responses across the region.

Governments from the United Arab Emirates to Kuwait and Bahrain have reported detecting or intercepting hundreds of missiles and drones in recent days targeting airspace, military facilities, and infrastructure.

Here is how each country has responded.

United Arab Emirates

The UAE operates a layered air-defense network designed to intercept threats at different stages of flight. At the highest altitude sits the Terminal High Altitude Area Defense (THAAD) system, developed by Lockheed Martin, designed to intercept ballistic missiles during the final phase of their descent using a “hit-to-kill” method—destroying the target through direct impact rather than an explosive warhead.

Closer to the ground, Patriot missile-defense batteries developed by Raytheon provide another layer capable of intercepting missiles and other aerial threats at lower altitudes. Radar networks detect launches hundreds of kilometers away, allowing operators to calculate trajectories and launch interceptors within minutes.

As of writing, the UAE Ministry of Defense said that 196 ballistic missiles have been detected heading toward the country since the escalation began on February 28. Of those, 181 were destroyed by air-defense systems, 13 fell into the sea, and two missiles landed inside UAE territory. The attacks resulted in three fatalities and 78 injuries, most caused by falling debris rather than direct missile impacts.

Attacks have also affected digital infrastructure. Amazon Web Services facilities in the UAE and Bahrain were directly struck, causing structural damage and power disruptions.

The high interception rates highlight the effectiveness of the region’s layered defense architecture—but they also reveal the strain placed on these systems when attacks occur in repeated waves.

“I would assess Gulf missile-defense performance as tactically capable but strategically stressed,” says Andreas Krieg, an associate professor at the Department of Defense Studies at King’s College London.

“The real story of this escalation is not whether the Gulf can intercept,” he says. “It is whether it can sustain interception at the tempo these attacks create.”

Missile defense, Krieg notes, is increasingly a contest not just of technology but of endurance. Interceptors can cost millions of dollars each, while many drones used in attacks cost a fraction of that amount.

In prolonged conflicts, maintaining interceptor stocks and coordinating defense across multiple sites becomes a major strategic challenge. “Once you get into repeated raids, mixed salvos, and long-duration drone pressure, the limiting factor becomes magazine depth, resupply speed. and the economics of using very expensive interceptors against cheap, persistent threats,” he says.

The UAE has spent more than a decade building its missile-defense architecture, investing heavily in systems such as THAAD and Patriot and integrating them with regional radar and early-warning networks.

Saudi Arabia

Saudi Arabia operates one of the largest air-defense networks in the Middle East, shaped by years of defending against missile and drone attacks targeting its cities and energy infrastructure.

The kingdom relies heavily on the Patriot missile-defense system, supported by radar networks and additional air-defense assets designed to intercept ballistic missiles and aerial threats approaching major population centers and oil facilities. It also operates the PAC-3 MSE interceptor, a more advanced Patriot missile developed by Lockheed Martin, designed to destroy incoming ballistic missiles through direct impact.

Got a new Samsung Galaxy S26 on preorder? It’s time to get your case situation sorted, pronto. You might never have broken a phone in your life, but the mysterious laws of the universe state that if you try and leave the house with an expensive new case-less phone, you’ll immediately drop it. It’s inevitable.

At a glance, the new S26 might look a lot like its predecessors, but the proportions are different. That means you won’t be reusing an old case — you’ll need to stump up for a new one to go with your swanky new handset.