A GitHub Issue Title Compromised 4,000 Developer Machines

Published by hadi on

A deep dive into “Clinejection”, where an attacker injected a prompt into a GitHub issue title, which an AI triage bot interpreted as an instruction. The resulting chain led to cache poisoning, credential theft, and a compromised npm package that silently installed a second AI agent on 4,000 developer machines.

Read more

Categories: PHP
Tags:

Related Posts

PHP

★ Laravel Query Builder v7: a must-have package for building APIs in Laravel

We just released v7 of laravel-query-builder, our package that makes it easy to build flexible API endpoints. If you’re building an API with Laravel, you’ll almost certainly need to let consumers filter results, sort them, Read more…

PHP

New and improved settings screens in Flare

We gave all the settings screens in Flare a fresh coat of paint. Consistent layouts, better forms, improved navigation and plenty of small details that make the experience calmer and more focused. Read more

PHP

★ Turn any OpenAPI spec into Laravel artisan commands

We just published a new package called Laravel OpenAPI CLI that turns any OpenAPI spec into dedicated Laravel artisan commands. Each endpoint gets its own command with typed options for path parameters, query parameters and Read more…