Supply chain attack

RoguePilot - How a Hidden Comment in a GitHub Issue Could Steal Your Entire Repository

Orca Security reveals RoguePilot, a supply chain attack that weaponizes GitHub Issues to hijack Copilot in Codespaces and exfiltrate repository tokens.

OpenClaw Has 130 Security Advisories and Counting. How Did We Get Here?

OpenClaw's GitHub security advisories jumped from ~90 to 130 in 48 hours. With 40,000+ exposed instances, a poisoned plugin marketplace, and malware targeting Mac Minis, the most popular personal AI agent is also the most dangerous.

The #1 Skill on OpenClaw's Marketplace Was Malware: Inside the ClawHub Supply Chain Attack

1,184 malicious skills were found on OpenClaw's ClawHub marketplace - stealing SSH keys, crypto wallets, browser passwords, and opening reverse shells. One attacker uploaded 677 packages alone. The #1 ranked skill had 9 vulnerabilities and was downloaded thousands of times.

Cline CLI Compromised: Hijacked npm Package Silently Installed OpenClaw on Developer Machines

A compromised npm publishing token allowed an attacker to push a malicious version of the Cline CLI that silently installed OpenClaw via a postinstall script. The incident was caught and fixed within hours.

Supply chain attack

RoguePilot - How a Hidden Comment in a GitHub Issue Could Steal Your Entire Repository

OpenClaw Has 130 Security Advisories and Counting. How Did We Get Here?

The #1 Skill on OpenClaw's Marketplace Was Malware: Inside the ClawHub Supply Chain Attack

Cline CLI Compromised: Hijacked npm Package Silently Installed OpenClaw on Developer Machines

Google Analytics