MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
researcher
Search

Snyk Researcher Caught Deploying Malicious Code Targeting AI Startup

Tuesday January 14, 2025. 10:20 AM , from Slashdot
A Snyk security researcher has published malicious NPM packages targeting Cursor, an AI coding startup, in what appears to be a dependency confusion attack. The packages, which collect and transmit system data to an attacker-controlled server, were published under a verified Snyk email address, according to security researcher Paul McCarty.

The OpenSSF package analysis scanner flagged three packages as malicious, generating advisories MAL-2025-27, MAL-2025-28 and MAL-2025-29. The researcher deployed the packages 'cursor-retrieval,' 'cursor-always-local' and 'cursor-shadow-workspace,' likely attempting to exploit Cursor's private NPM packages of the same names.

Read more of this story at Slashdot.
Read more at Slashdot
https://it.slashdot.org/story/25/01/14/0920245/snyk-researcher-caught-deploying-malicious-code-targe...

Related News

researcher Bill Gates Began the Altair BASIC Code in His Head While Hiking as a Teenager SlashdotJan 26
packages Could New Linux Code Cut Data Center Energy Use By 30%? SlashdotJan 26
snyk How Chinese AI Startup DeepSeek Made a Model that Rivals OpenAI Wired: Tech.Jan 25
malicious AI chatbot startup founder, lawyer wife accused of ripping off investors in $60M fraud TheRegisterJan 25
startup FBI: North Korean IT Workers Steal Source Code To Extort Employers SlashdotJan 24
targeting Watch out for malicious QR codes! This kind of scam is increasing PC WorldJan 24
mal- Scale AI CEO Says China Has Quickly Caught the US With DeepSeek SlashdotJan 24
npm Dumb New Electrical Code Could Doom Most Common EV Charging SlashdotJan 24
caught Chinese AI startup DeepSeek unveils open-source model to rival OpenAI o1 ComputerWorldJan 23
published Mysterious floating orb and ghostly activity caught on security cam inside bar after closing time (video) BoingBoingJan 21
security SoftBank-Backed Fish Startup Allegedly Faked Most of Its Sales SlashdotJan 21
code Meta, X sign up to Euro Commish code of conduct on hate speech TheRegisterJan 21
deploying Code for ELIZA, the OG chatbot, found BoingBoingJan 20
researcher The secret to never finding typos in your code again: Microsoft Visual Studio Pro PC WorldJan 19
packages Meteorite Crash In Canada Is Caught By Home Security Camera SlashdotJan 18
snyk Google Reports Halving Code Migration Time With AI Help SlashdotJan 18
malicious Waymo Finds a Way Around US Restrictions Targeting Chinese Cars Wired: Tech.Jan 17
startup AI Tools Crack Down on Wall Street Trader Code Speak SlashdotJan 17
targeting Here’s how Google is using LLMs for complex internal code migrations InfoWorldJan 17
mal- Mira Murati’s AI Startup Makes First Hires, Including Former OpenAI Executive Wired: Tech.Jan 17
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Feb, Sat 22 - 09:57 CET