Clinejection — Compromising Cline's Production Releases just by Prompting an Issue Triager - Security research by adnanthekhan
Angular. tj-actions. Cline. TanStack. The same class of attack has been quietly hijacking publish pipelines for two years. Here's what it is, how it works, and what you need to do today.
How Claude Code bypassed its own denylist and sandbox, and why kernel-level enforcement is the answer.
The two blog readers would know that it is comprised mostly of unfinished thoughts about breaking AI agents, hacking, cloud security, application security, citizen development and infosec.
A bit of everything this week. PWAKit docs, rethinking how agents get isolated workspaces, pruning overstuffed config files, and Jeeves diplomatically telling me I’m not marathon-ready.
Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
A growing list of named vulnerabilities, attack techniques and exploits.
An investigation into the Cline supply chain attack, revealing how a bug bounty hunter weaponized a public PoC via prompt injection to steal npm credentials.
Firefox RCE (@kqx_io), Havoc Professional (@C5pider + @0xC4RN4GE + @avx128), afd.sys UAF (@Dark_Puzzle + @Bad_Jubies), macOS JIT abuse (@kyleavery), AEMonitor (@__pberba__), and more!
602 posts tagged ‘security’.
147 posts tagged ‘prompt-injection’. Prompt Injection is a security attack against applications built on top of Large Language Models, introduced here and further described in this series of posts.
Investigating the recent Cline CLI supply-chain compromise using the Raptor AI agent to conduct OSS forensics and uncover the root cause.
Learn how Datadog detected and resolved issues from hackerbot-claw, an AI-powered automated attack campaign.
$600 finds more 0-days in Windows kernel drivers that you can shake a stick at, secret scanners, benchmarks, and improvements, Cline compromised by someone snooping on a researcher's testing