MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
researcher
Search

Snyk Researcher Caught Deploying Malicious Code Targeting AI Startup

Tuesday January 14, 2025. 10:20 AM , from Slashdot
Snyk Researcher Caught Deploying Malicious Code Targeting AI Startup
A Snyk security researcher has published malicious NPM packages targeting Cursor, an AI coding startup, in what appears to be a dependency confusion attack. The packages, which collect and transmit system data to an attacker-controlled server, were published under a verified Snyk email address, according to security researcher Paul McCarty.

The OpenSSF package analysis scanner flagged three packages as malicious, generating advisories MAL-2025-27, MAL-2025-28 and MAL-2025-29. The researcher deployed the packages 'cursor-retrieval,' 'cursor-always-local' and 'cursor-shadow-workspace,' likely attempting to exploit Cursor's private NPM packages of the same names.

Read more of this story at Slashdot.
https://it.slashdot.org/story/25/01/14/0920245/snyk-researcher-caught-deploying-malicious-code-targe...

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Jan, Tue 21 - 04:49 CET