The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
The Register on MSN

AI coding assistant Cline compromised to create more OpenClaw chaos

4K unintended installs in very odd supply chain attack Someone compromised open source AI coding assistant Cline CLI's npm package earlier this week in an odd supply chain attack that secretly ...
CSO Online

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.

OpenAI pits AI agents against each other to detect smart contract flaws

OpenAI, along with Paradigm and Ottersec, has released the EVMbench research paper, looking at how well different AI models ...

ActiveState Unifies 79M Components to Launch World's Largest Secure Open Source Catalog

ActiveState, a global leader in open source language solutions and secure software supply chain management, today announced it has grown its catalog of secure open source components to 79 million, ...
Ars Technica

Microsoft releases urgent Office patch. Russian-state hackers pounce.

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...
The Hill

Live updates: Partial government shutdown ends as Trump signs funding package into law

President Trump on Tuesday signed a five-bill minibus and two-week continuing resolution to fund the Department of Homeland Security (DHS) into law, ending the partial government shutdown. Twenty-one ...
Autoblog

Cadillac CT5-V Blackwing’s New Package Costs as Much as a Small SUV

At $26,995, the CT5-V Blackwing’s new package pushes its price past even the BMW M5. The Deep Ocean Package adds exclusive styling to the CT5-V Blackwing for $26,995. Only 200 units will be available, ...
thecyberexpress

Malicious Open Source Software Packages Neared 500,000 in 2025

Malicious open source software packages have become a critical problem threatening the software supply chain. That’s one of the major takeaways of a new report titled “State of the Software Supply ...
Infosecurity-magazine.com

Researchers Uncover 454,000+ Malicious Open Source Packages

Security researchers have warned that the open source ecosystem has become a “structural risk,” after revealing another surge in malicious packages last year. Sonatype said in its 2026 State of the ...
Live Science

Next-generation AI 'swarms' will invade social media by mimicking human behavior and harassing real users, researchers warn

Artificial intelligence experts have warned that AI "swarms" are poised to infiltrate social media by deploying agents that mimic human behavior and exploit our tendency to follow the herd. When you ...
Business Insider

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

CAMBRIDGE, Mass., Jan. 27, 2026 (GLOBE NEWSWIRE) -- ReversingLabs (RL), the trusted name in file and software security, today released its fourth annual Software Supply Chain Security Report. The 2026 ...