Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cline CLI compromised token mitigation

Advisory/Mitigation
First reported
Last updated
Happening score
H score 15
1 unique sources, 1 articles

Summary

Hide ▲

Cline maintainers released version 2.4.0 to contain the unauthorized npm publication of [email protected], which had been pushed with a compromised publish token. They also deprecated 2.3.0 and revoked the token to reduce the risk of further misuse. Affected users were told to update and verify that OpenClaw was not installed unexpectedly.

Related Happenings

GitHub npm version 12 hardens installs and token management

Security Tool/Service
H score11 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: **GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...

OpenClaw message-object prompt injection patched in 2026.4.23 security flaw

Vulnerability
H score15 First: 11.06.2026 20:46 Last: 11.06.2026 20:46 Sources 1

About this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...

OpenClaw/OpenShell managed sandbox backend Claw Chain (multiple vulnerabilities)

Vulnerability
H score31 First: 15.05.2026 16:35 Last: 15.05.2026 16:35 Sources 1

About this happening: Researchers disclosed **four OpenClaw flaws** in the **OpenShell managed sandbox backend** that can be chained for **data theft**, **privilege escalation**, and **persistence**. T...

OpenClaw 2026.4.22 security patch release for Claw Chain flaws

Security Patch Release
H score24 First: 15.05.2026 16:35 Last: 15.05.2026 16:35 Sources 1

About this happening: OpenClaw released **version 2026.4.22** to fix **four CVE-backed vulnerabilities** in **OpenShell's managed sandbox backend** that could be chained for **data theft**, **privilege...

OpenAI rotates macOS code-signing certificates after supply-chain exposure

Security Tool/Service
H score12 First: 13.04.2026 20:39 Last: 13.04.2026 20:39 Sources 1

About this happening: **OpenAI** is **rotating and revoking macOS code-signing certificates**, forcing users of **ChatGPT Desktop**, **Codex**, **Codex CLI**, and **Atlas** to update so trust in signed...

Timeline

  1. 20.02.2026 16:20 2 articles · 4mo ago

    Cline CLI compromised token mitigation

    Initial Disclosure

    After the npm compromise, maintainers responded by shipping **2.4.0**, deprecating **2.3.0**, and revoking the **compromised publish token**. That response was aimed at limiting further exposure from the unauthorized package release and guiding affected users to clean up their environments.

    Show sources