| AT2k Design BBS's VADV-PHP Home |
|
|
AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages! You are not logged in. Login here for full access privileges. |
| Previous Message | Next Message | Back to Computer Support/Help/Discussion... <-- <--- | Return to Home Page |
|
||||||
| From | To | Subject | Date/Time | |||
|
LWN.net | All | A GitHub Issue Title Compromised 4,000 Developer Machines (grith |
March 6, 2026 6:40 AM * |
||
The grith.ai blog reports on an LLM prompt-injection vulnerability that led to 4,000 installations of a compromised version of the Cline utility. For the next eight hours, every developer who installed or updated Cline got OpenClaw - a separate AI agent with full system access - installed globally on their machine without consent. Approximately 4,000 downloads occurred before the package was pulled. The interesting part is not the payload. It is how the attacker got the npm token in the first place: by injecting a prompt into a GitHub issue title, which an AI triage bot read, interpreted as an instruction, and executed. https://lwn.net/Articles/1061548/ --- SBBSecho 3.37-Linux * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24) |
||||||
|
||||||
Computer Support/Help/Discussion... 
| Previous Message | Next Message | Back to Computer Support/Help/Discussion... <-- <--- | Return to Home Page |
Execution Time: 0.0132 seconds If you experience any problems with this website or need help, contact the webmaster. VADV-PHP Copyright © 2002-2026 Steve Winn, Aspect Technologies. All Rights Reserved. Virtual Advanced Copyright © 1995-1997 Roland De Graaf. |