A deep dive into “Clinejection”, where an attacker injected a prompt into a GitHub issue title, which an AI triage bot interpreted as an instruction. The resulting chain led to cache poisoning, credential theft, and a compromised npm package that silently installed a second AI agent on 4,000 developer machines.
PHP
Leave a failing test before you go on vacation
Every year I dread coming back from vacation not because of the work, but because I have no idea where I left off. A failing test, a well-written TODO, and a slow first day back Read more…