Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Hackers Exploit Cline’s npm Token for 8 Hours

Hackers Exploit Cline’s npm Token for 8 Hours

Posted on February 19, 2026 By CWS

The Cline command-line interface (CLI), a widely-used artificial intelligence development tool, faced a serious security breach on February 17, 2026. Hackers managed to gain access to its npm token, leading to a compromised version being available for approximately eight hours. This incident underscores the increasing threat of supply chain attacks aimed at developer ecosystems.

Details of the Security Breach

At 3:26 AM PT, attackers used a stolen npm publish token to upload a malicious version of the Cline CLI, labeled [email protected], to the npm registry. This version targeted developers utilizing popular development environments like Visual Studio Code and JetBrains. The infiltration involved altering the package.json file to include a postinstall script that would execute npm install -g openclaw@latest during installation.

The rest of the package, including the main CLI executable (dist/cli.mjs), was unchanged from the authentic version, [email protected]. Despite the non-malicious nature of OpenCLAW, its unauthorized installation highlighted potential risks for more dangerous payloads in future attacks.

Response and Mitigation

The Cline development team quickly identified the compromised release, releasing a corrected version, [email protected], by 11:23 AM PT. Shortly thereafter, the compromised version 2.3.0 was deprecated, approximately eight hours after the unauthorized upload. The compromised token has been revoked, and Cline has transitioned its npm publishing to OIDC provenance using GitHub Actions to enhance security for future releases.

It is important to note that the Cline VS Code extension and JetBrains plugin were not affected by this security breach.

Recommendations for Developers

Developers who installed [email protected] during the affected period are advised to update to the latest version using cline update or npm install -g cline@latest, and verify the update with cline –version. In cases where OpenCLAW was unintentionally installed, it can be removed using npm uninstall -g openclaw.

Organizations relying on AI developer tools should conduct audits of their installed CLI tools and enforce strict token management practices across all package registries to prevent similar incidents.

For ongoing updates on cybersecurity, follow us on Google News, LinkedIn, and X. Contact us to share your stories.

Cyber Security News Tags:AI coding assistant, Cline, Cybersecurity, developer tools, JetBrains, npm registry, npm token, OpenClaw, supply chain attack, VS Code

Post navigation

Previous Post: Venice Security Secures $33M for Access Management
Next Post: AI’s Impact on Cybersecurity Response Times

Related Posts

CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild Cyber Security News
Oracle WebLogic Vulnerability Exploited: CISA Issues Alert Oracle WebLogic Vulnerability Exploited: CISA Issues Alert Cyber Security News
Hackers Compromise Intelligence Website Used by CIA and Other Agencies Hackers Compromise Intelligence Website Used by CIA and Other Agencies Cyber Security News
FCC Enforces Ban on Risky Chinese Telecom Equipment FCC Enforces Ban on Risky Chinese Telecom Equipment Cyber Security News
New Android Malware Mimics as SBI Card, Axis Bank Apps to Steal Users Financial Data New Android Malware Mimics as SBI Card, Axis Bank Apps to Steal Users Financial Data Cyber Security News
Hackers Use Emoji Code to Evade Security Systems Hackers Use Emoji Code to Evade Security Systems Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark