TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

The Cline CLI npm package was compromised on February 17 via a stolen token, causing approximately 4,000 developers to unknowingly install OpenClaw during an 8-hour window. The attack exploited a proof-of-concept prompt injection vulnerability published by security researcher Adnan Khan, which a separate threat actor weaponized to steal Cline's npm publishing credentials. Cline maintainers have since revoked the token, released a fixed version (2.4.0+), and switched to OIDC provenance publishing via GitHub Actions. Affected users should update and check for unexpected OpenClaw installations.

AI coding assistant Cline compromised, installs OpenClaw