OpenClaw’s massive exposure and linked exploit chains illustrate how quickly unsecured AI‑driven tools can become systemic risks, prompting firms to tighten asset inventories and enforce stricter security controls.
The weekly Threatwire roundup spotlights a cascade of cyber‑security headlines, with the OpenClaw ecosystem taking center stage. The host warns that nearly 50,000 OpenClaw control panels are publicly exposed, many vulnerable to remote code execution, and that 1.5 million API tokens, 35,000 user emails, and thousands of private messages have already been leaked.
Datadog researchers traced the same threat actors behind the late‑2025 React2Shell attacks to a new campaign targeting NGINX configurations, using multi‑stage scripts to overwrite management panels and exfiltrate traffic. Meanwhile, governments in France, Australia and Slovenia are moving to ban social‑media access for users under 16, citing mental‑health concerns, while Cloudflare recently blunted a 31.4 Tbps DDoS from the Kimwolf botnet and Substack disclosed a four‑month‑long data breach.
Notable moments include French President Macron’s remark that children’s brains “are not for sale” to tech platforms, and OpenClaw’s partnership with VirusTotal to scan malicious bot skills. The host also emphasizes that corporate IT can fully monitor employee device activity, reinforcing the need for strict separation of personal and work computers.
The takeaway for enterprises is clear: audit exposed services like OpenClaw, patch the vulnerabilities behind older exploits such as React2Shell, and enforce robust device‑usage policies. As regulators tighten social‑media access for minors, the broader security landscape demands proactive monitoring and rapid response to emerging threats.