Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Published: 3 days ago (February 20, 2026 at 09:20 AM EST)

1 min read

Source: The Hacker News

Summary

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self‑hosted autonomous AI agent that has become exceedingly popular in the past few months.

Timeline

On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI.

Back to Blog

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

markdown !https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjuEqzksJuTTXCDhdqgtAIFwGij7CiTa9hyGtjvNUn3wVoFYnH9_f0F-ILQlJhaACL9g1sNbdxCptyn_HwKxFha-yhWg...

Ad tech firm Optimizely confirms data breach after vishing attack

!https://www.bleepstatic.com/content/hl-images/2026/02/23/Optimizely.jpg New York‑based ad tech company Optimizely has notified an undisclosed number of custome...

Conduent data breach already one of largest in U.S. history and keeps getting worse

Things keep getting worse the more we learn about the Conduent data breachhttps://mashable.com/category/privacy. At least 25 million people were affected by the...

VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report

!A building featuring Ivanti's logo in red on the top of the building.https://techcrunch.com/wp-content/uploads/2026/02/ivanti-getty-smaller-zero-day.jpeg?w=102...