MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
researcher
Recherche

Snyk Researcher Caught Deploying Malicious Code Targeting AI Startup

mardi 14 janvier 2025, 10:20 , par Slashdot
Snyk Researcher Caught Deploying Malicious Code Targeting AI Startup
A Snyk security researcher has published malicious NPM packages targeting Cursor, an AI coding startup, in what appears to be a dependency confusion attack. The packages, which collect and transmit system data to an attacker-controlled server, were published under a verified Snyk email address, according to security researcher Paul McCarty.

The OpenSSF package analysis scanner flagged three packages as malicious, generating advisories MAL-2025-27, MAL-2025-28 and MAL-2025-29. The researcher deployed the packages 'cursor-retrieval,' 'cursor-always-local' and 'cursor-shadow-workspace,' likely attempting to exploit Cursor's private NPM packages of the same names.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/25/01/14/0920245/snyk-researcher-caught-deploying-malicious-code-targe...

Voir aussi

researcher Meta To Cut 3,600 Jobs, Targeting Lowest Performers Slashdot14 Jan
packages Intel, AMD engineers rush to save Linux 6.13 after dodgy Microsoft code change TheRegister14 Jan
snyk Snyk appears to deploy 'malicious' packages targeting Cursor for unknown reason TheRegister14 Jan
malicious OpenAI : à côté de l'IA, la startup met en place une autre activité à la mode Génération-NT13 Jan
startup Ask Slashdot: What's the Best Way to Transfer Legacy PHP Code to a Modern Framework? Slashdot12 Jan
targeting See how long you can take the Morse Code Clock BoingBoing11 Jan
mal- VLC gets caught in “AI” hype, adds “AI” subtitles and translations OS News 9 Jan
npm Japanese police claim China ran five-year cyberattack campaign targeting local orgs TheRegister 9 Jan
caught AI Startup Anthropic Raising Funding Valuing it at $60 Billion Slashdot 7 Jan
published AI can improve on code it writes, but you have to know how to ask TheRegister 7 Jan
security Popular math YouTuber 3Blue1Brown victimized by malicious and stupid AI bots BoingBoing 6 Jan
code Boffins carve up C so code can be converted to Rust TheRegister 3 Jan
deploying This AI creates logos, art, writing, and code like magic PC World 1 Jan
researcher Invisibility cloak caught on Ring camera BoingBoing30 Dec
packages 'International Obfuscated C Code Contest' Will Relaunch, Celebrating 40th Anniversary Slashdot29 Dec
snyk 'Universal Basic Income' Isn't a Silver Bullet, Says Lead Researcher on Sam Altman's Study Slashdot28 Dec
malicious Bill Requiring US Agencies To Share Custom Source Code With Each Other Becomes Law Slashdot27 Dec
startup Federal agencies must now share code with one another BoingBoing27 Dec
targeting Shuttered Electric Air Taxi Startup Lilium May Be Saved After All Slashdot24 Dec
mal- Programmeurs, avez-vous la fatigue du changement de fenêtre ? Google Code Assist est là pour vous ZDNet.fr24 Dec
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mar. 14 janv. - 23:41 CET