AI Agent Cline v2.3.0 Compromised: From Prompt Injection to Unauthorized npm Publish
A compromised npm token was used to publish a tampered version of Cline CLI. A prompt injection vulnerability in Cline's AI-powered GitHub Actions workflow may have enabled the credential theft.
Read the full articleYou might also wanna read
GitHub Issue Prompt Injection Leads to 4,000 Developer Machines Compromised via Malicious npm Package
A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent.

How “Clinejection” Turned an AI Bot into a Supply Chain Attack
The Clinejection vulnerability chain illustrates a dangerous new era of supply chain attacks where AI agents are turned into exploit vectors

Hacker Exploits AI Coding Agent Vulnerability to Install OpenClaw Malware
A hacker tricked Cline’s Claude-powered workflow into installing OpenClaw on computers.
Critical Vulnerability Exposes GitHub Agentic Workflows to Prompt Injection
Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositor
GitLost Vulnerability Steals Private Code via GitHub AI Agents
Researchers from Noma Labs have discovered a vulnerability in GitHub Agentic Workflows that allows private repository contents to be extract
Mozilla researchers demonstrate indirect prompt injection attack on AI coding agents via GitHub repositories
The PoC attack targets AI-powered coding agents and uses indirect prompt injection to manipulate them into taking harmful actions.

Comments
Sign in to join the conversation.
No comments yet. Be the first.