While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...
The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
Hulud-like Sandworm_Mode supply chain attack targets NPM developers to steal secrets and poison AI assistants.
Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack ...
The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
The npm registry now includes Socket security analysis links directly on package pages to help developers assess supply chain risks.
A REST API (short for Representational State Transfer Application Programming Interface) is a way two separate pieces of ...
The error message "An error has occurred, and you are no longer synced with the online match" in EA SPORTS FC 26 appears when ...
The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results