A GitHub Issue Title Compromised 4,000 Developer Machines

Published by hadi on

A deep dive into “Clinejection”, where an attacker injected a prompt into a GitHub issue title, which an AI triage bot interpreted as an instruction. The resulting chain led to cache poisoning, credential theft, and a compromised npm package that silently installed a second AI agent on 4,000 developer machines.

Read more

Categories: PHP
Tags:

Related Posts

PHP

Utilizing Claude Skills in client projects

In this post, Dries shows how they use Claude Skills to automate repetitive work in client projects, like generating Saloon requests, DTOs, and Livewire pages. It is a practical look at where these workflows save Read more…

PHP

The latest and greatest in postcardware at Spatie

Nick and Dries share how they built Kaartje, a digital postcard wall with a spinning 3D globe that places postcards near the sender’s city. It’s a fun behind-the-scenes look at the stack, the role AI Read more…

PHP

Integration testing our Laravel package with a real server and queue

The Flare team explains how they built end-to-end integration tests for their Laravel package using a real Testbench workbench app, HTTP server, and queue worker. The post also shows how they swapped the sender to Read more…