Cursor IDE Auto-Executes Malicious Code in Poisoned Repos
Researchers reported the vulnerability to Cursor in December, but it still remains in the popular AI coding platform and can be exploited in poisoned repository attacks.
Malicious Code covers malware analysis, reported incidents, infrastructure, disruption efforts, and defensive guidance to reduce cyber risk.
Search across headline titles and summaries.
Background for this topic.
Malicious code is software, a script, or an altered program intended to perform unauthorized or harmful actions on a device or network. The term includes malware such as viruses, worms, trojans, spyware, and ransomware, as well as harmful macros or commands. Depending on its function, it may exploit a software weakness, execute with a user’s permissions, disrupt availability, or modify, destroy, or collect data.
Security teams should treat malicious code as both a prevention and detection concern: keep operating systems and applications patched, restrict unnecessary scripting and privileges, and use endpoint controls that identify unusual execution or persistence. Network and host telemetry can support investigation, while isolation and recovery from known-good backups can limit damage after execution. Analysis of samples and indicators can also guide threat intelligence and vulnerability-management priorities, but suspected code should be handled carefully to avoid executing it on production systems or exposing collected data.
Weekly headline count for the current query.
Researchers reported the vulnerability to Cursor in December, but it still remains in the popular AI coding platform and can be exploited in poisoned repository attacks.
This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said.
Researchers raise the alarm that a new, rapidly evolving ransomware strain uses an OpenAI model to render and execute malicious code in real time, ushering in a new era of cyberattacks against enterprises.
Next-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns.
With hundreds of AI models found to harbor malicious code, cybersecurity firms are releasing technology to help companies manage their AI development and deployment efforts.
Companies pursing internal AI development using models from Hugging Face and other open source repositories need to focus on supply chain security and checking for vulnerabilities.
Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager ad tool.
Malware writing is only one of the several malicious activities that adversaries can use the new, uncensored generative AI chatbot.
Cyberattackers injected the NFL Wild Card team's online Pro Shop with malicious code to steal credit-card data from 8,500 fans.
Researchers have uncovered one of the first examples of threat actors using artificial intelligence chatbots for malware creation, in a phishing attack spreading the open-source remote access trojan.
By injecting malicious bytecode into interpreters for VBScript, Python, and Lua, researchers found they can circumvent malicious code detection.
The site is supplying malicious code that delivers dynamically generated payloads and can lead to other attacks, after a Chinese organization bought it earlier this year.
The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain.
Large language models promise to enhance secure software development life cycles, but there are unintended risks as well, CISO warns at RSAC.
The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat.
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
The ClearFake campaign uses fake browser updates to lure victims and spread RedLine, Amadey, and Lumma stealers.
The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.
Giving users time to detect and then update hijacked packages can help developers avoid using malicious code in software development.
The North Korean APT is setting up legitimate accounts on GitHub and social media platforms to pose as developers or recruiters — ultimately to fool targets into loading npm repositories with malicious code.