The Hacker News

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
Dark Reading

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The malicious version of Cline's npm package — 2.3.0 — was downloaded more than 4,000 times before it was removed.
IEEE

Bayesian Ridge Regression-Based Graph Injection Attack on IIoT

Abstract: The systems within the Industrial Internet of Things (IIoT) have complex structures and non-Euclidean data, which are challenging to manage. Due to the advantages of graph neural networks ...
The Hacker News

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw integrates VirusTotal Code Insight scanning for ClawHub skills following reports of malicious plugins, prompt injection & exposed instances.
The Hill

Iranian foreign minister warns of attacks on US bases if Washington strikes

Iran’s foreign minister said that Tehran would attack U.S. military bases if Washington conducts strikes in the Middle Eastern country, warning that “U.S. bases are spread all over the region.” “In my ...
Associated Press

Omar criticizes Trump’s ‘hateful rhetoric’ after attack; suspect had made pro-Trump posts online

Copyright 2026 The Associated Press. All Rights Reserved. Copyright 2026 The Associated Press. All Rights Reserved. During a speech in Iowa on Tuesday, shortly before ...
PBS

What we're learning about the man arrested in the attack on Rep. Ilhan Omar

MINNEAPOLIS (AP) — The man accused of squirting an unknown substance on Democratic U.S. Rep. Ilhan Omar at a town hall in Minneapolis has a criminal history and has made online posts supportive of ...
Radio Free Europe/Radio Liberty

Iran 'Practically Naked' If US Attacks, But Can Retaliate With Force

Iran is bracing for a potential attack as the United States deploys key military assets, including an air carrier and additional bombers, to the Middle East. US President Donald Trump has threatened ...
Forbes

When AI Agents Turn Against You: The Prompt Injection Threat Every Business Leader Must Understand

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Prompt injection attacks can manipulate AI behavior in ways that traditional cybersecurity ...
MIT Technology Review

Rules fail at the prompt, succeed at the boundary

Why the first AI-orchestrated espionage campaign changes the agent security conversation Provided byProtegrity From the Gemini Calendar prompt-injection attack of 2026 to the September 2025 ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Half a dozen vulnerabilities in the JavaScript ecosystem’s leading package managers — including NPM, PNPM, VLT, and Bun — could be exploited to bypass supply chain attack protections, according to ...
IEEE

Guaranteed False Data Injection Attack Without Physical Model

Abstract: Smart grids are increasingly vulnerable to False Data Injection Attacks (FDIAs) due to their growing reliance on interconnected digital systems. Many existing FDIA techniques assume access ...