Cline AI coding assistant hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The Cline coding assistant suffered a supply-chain compromise that installed a rogue OpenClaw instance on thousands of systems, creating unauthorized full system access. The intrusion began with prompt injection and then escalated through a malicious package path that turned an official workflow into a delivery mechanism. The result was a broad compromise of users' devices without consent, raising immediate integrity and access risk for affected environments.
Related Happenings
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical Analysis
H score3
First: 08.07.2026 18:07
Last: 08.07.2026 18:07
Sources 1
About this happening:
Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical AnalysisAbout this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
OpenClaw outbound-mail approval gates and trust-scoped connector controls
Defensive Guidance
H score11
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...
OpenClaw outbound-mail approval gates and trust-scoped connector controls
Defensive GuidanceAbout this happening: OpenClaw operators are adding **outbound-mail approval gates**, **trust-scoped connector access**, and **human approval** for risky actions to reduce **agent phishing** and unauth...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
Vulnerability
H score15
First: 11.06.2026 20:46
Last: 11.06.2026 20:46
Sources 1
About this happening:
**OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenClaw message-object prompt injection patched in 2026.4.23 security flaw
VulnerabilityAbout this happening: **OpenClaw** has a patched **message-object prompt injection flaw** that let hidden instructions inside **shared contacts, vCards, and location pins** reach the LLM as trusted pro...
OpenAI hit by cyberattack
Incident
H score38
First: 14.05.2026 22:07
Last: 14.05.2026 22:07
Sources 1
About this happening:
OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
OpenAI hit by cyberattack
IncidentAbout this happening: OpenAI confirmed **two employees' devices** were breached, giving attackers access to a limited set of internal source code repositories and forcing a precautionary rotation of **...
TanStack hit by network compromise
Incident
H score29
First: 12.05.2026 17:45
Last: 12.05.2026 17:45
Sources 1
About this happening:
**TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
TanStack hit by network compromise
IncidentAbout this happening: **TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
Latest development: 21.05.2026 11:00
On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.
Timeline
-
09.03.2026 01:35 1 articles · 4mo ago
Issue #8904 starts prompt-injection chain against Cline
Exploitation ObservedAn attacker created GitHub Issue #8904 in Cline with a title that looked like a performance report but contained an embedded instruction to install a package from a specific GitHub repository, beginning a prompt-injection path against Cline's AI-powered issue triage workflow.
Show sources
- How AI Assistants are Moving the Security Goalposts — krebsonsecurity.com — 09.03.2026 01:35
-
09.03.2026 01:35 2 articles · 4mo ago
Cline compromise disclosed with rogue OpenClaw deployment
Initial DisclosureCline's compromise was publicly described as a prompt-injection supply-chain attack that used additional vulnerabilities to push a malicious package into the nightly release workflow, resulting in thousands of systems receiving a rogue OpenClaw instance with full system access without consent.
Show sources
- How AI Assistants are Moving the Security Goalposts — krebsonsecurity.com — 09.03.2026 01:35
- How AI Assistants are Moving the Security Goalposts — krebsonsecurity.com — 09.03.2026 01:35