> EssentialInfoSec
Home / Feb 20, 2026 / Story
0
#6 The Hacker News general February 20, 2026 at 14:20 UTC

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

By [email protected] (The Hacker News)

AI Summary

The Cline CLI AI coding assistant suffered a supply chain attack when version 2.3.0 was published on February 17, 2026 using a compromised npm token, secretly installing the OpenClaw autonomous AI agent. The malicious package was downloaded over 4,000 times before removal, highlighting supply chain risks in AI development tools.

Read full article → https://thehackernews.com/2026/02/cline-cli-230-su…

Relevance score: 85.0/100

# More from February 20

  1. 1
    ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA Krebs on Security
  2. 2
    CISA: BeyondTrust RCE flaw now exploited in ransomware attacks BleepingComputer
  3. 3
    BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration The Hacker News
  4. 4
    Data breach at French bank registry impacts 1.2 million accounts BleepingComputer
  5. 5
    PayPal discloses data breach that exposed user info for 6 months BleepingComputer
  6. 7
    Mississippi medical center closes all clinics after ransomware attack BleepingComputer
  7. 8
    FBI: Over $20 million stolen in surge of ATM malware attacks in 2025 BleepingComputer
  8. 9
    PromptSpy is the first known Android malware to use generative AI at runtime BleepingComputer
  9. 10
    Ukrainian national gets 5-year sentence for involvement in North Korea IT worker scheme The Record