Step 2: The AI bot executes arbitrary code. Claude interpreted the injected instruction as legitimate and ran npm install pointing to the attacker's fork - a typosquatted repository (glthub-actions/cline, note the missing 'i' in 'github'). The fork's package.json contained a preinstall script that fetched and executed a remote shell script.
Access 20+ tones
,更多细节参见safew官方版本下载
SAVE $20: As of March 2, the Amazon Fire Stick 4K Max is on sale for $29.99 with the code MAX4KFTV at Amazon. That's $30 off the list price.
Что думаешь? Оцени!