AI-powered dev tools lead today — a Swift app builder, automated code reviews, and a Mac terminal you control from your iPhone.
A major supply chain attack hit the AI coding tool ecosystem, Alibaba launches a Claude Code competitor, and OpenAI faces scrutiny over when to alert authorities.
Security researcher Adnan Khan’s “Clinejection” disclosure turned into a real-world attack: an unknown actor exploited Cline’s AI issue triage bot to publish a backdoored npm package (v2.3.0) that silently installed OpenClaw on ~4,000 developer machines during an 8-hour window on Feb 17.
The attack chain — prompt injection → GitHub Actions cache poisoning → npm credential theft → malicious publish — required nothing more than opening a GitHub issue. Cline has since revoked the compromised token and released v2.4.0, which uses OIDC-based publishing.
Quick hits — local models and Google overreach.
ComfyUI tools — a 3D posing studio, optimized Flux2 sampling, and a tag generator for anime workflows.
Google’s coming sideloading lockdown leads, plus self-hosted picks including a Kahoot clone, a bot crawler trap, and a Mac Dock enhancer.