The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.

Telegram channels expose rapid weaponization of SmarterMail flaws

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE ...

Moonwell hit by $1.78M exploit as AI vibe coding debate reaches DeFi

Moonwell’s $1.78 million oracle mispricing exploit is reigniting debate over “vibe-coded” smart contracts and how AI tools like Claude Opus 4.6 should be governed in DeFi development.

ActiveState Unifies 79M Components to Launch World's Largest Secure Open Source Catalog

ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has grown its catalog of secure open source components to 79 million, ...