Subscribe

Info Stealers and OpenClaw: They’ll Steal Your Soul

Info Stealers Target OpenClaw, a Robot Vacuum API Flaw Exposes Thousands, Best Buy Fraud Shows Zero Trust Context, and Canada Goose Data Leaked via Supplier

The episode covers multiple security incidents and lessons. Hudson Rock details how an info stealer malware infection can vacuum OpenClaw data, including authentication tokens, master keys, device private cryptographic keys, and the agent-defining soul.md file that can reveal a “mirror” of a user’s life; the attack was not targeted, raising concerns about upcoming dedicated OpenClaw-stealing modules. A hobbyist coder using an AI coding tool to reverse-engineer DJI Romo communications unintentionally accessed roughly 7,000 robot vacuums in 24 countries, enabling live camera and microphone access and floor-plan generation due to missing messaging-level access controls; DJI also shares infrastructure with portable home battery stations and initially claimed the flaw was fixed before a live demonstration showed it was not. Two Best Buy cases illustrate that Zero Trust must consider behavior and context: a Florida employee allegedly used a manager override code 149 times from March–December 2024 to buy discounted electronics, costing about $120,000, while a Georgia case involved over $40,000 in merchandise leaving a store over two weeks amid claims of blackmail. Finally, ShinyHunters leaked about 600,000 Canada Goose customer records, but Canada Goose found no breach in its systems; the data was attributed to a third-party payment processor breach from August 2025, with records largely dating from 2021–2023, underscoring supply-chain risk and ongoing fraud/phishing potential. The episode is sponsored by Meter, which provides an integrated wired, wireless, and cellular networking stack for enterprises.

00:00 Sponsor: Meter + Today’s Cybersecurity Headlines
00:44 Info-Stealer Jackpot: OpenClaw Tokens, Keys & ‘soul.md’ Exposed
03:17 DIY App, Real-World Disaster: 7,000 Robot Vacuums Exposed via DJI Servers
05:34 Best Buy Insider Fraud: Why Zero Trust Needs Behavior Monitoring
07:36 Canada Goose Leak: When a Third-Party Payment Processor Gets Breached
09:28 Wrap-Up + Sponsor Message (Meter)

Related Podcasts

The U.K. targets AI chatbots in online safety crackdown

Edmonton firm developing ‘matriarchal AI’ after Geoffrey Hinton calls for maternal instincts in tech

House of Commons hit by cyberattack tied to Microsoft flaw

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn
Blue Sky
Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Follow Us

X-twitter Linkedin-in

Popular categories

Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways.
Subscribe
© 2025 TECHNEWSDAY. All rights reserved.