Cursor IDE Auto-Executes Malicious Code in Poisoned Repos
Researchers reported the vulnerability to Cursor in December, but it still remains in the popular AI coding platform and can be exploited in poisoned repository attacks.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers reported the vulnerability to Cursor in December, but it still remains in the popular AI coding platform and can be exploited in poisoned repository attacks.
Old Unix Symlink Trick Lets Malicious Code Bypass User ChecksWiz researchers found that six popular AI coding assistants can be tricked into modifying sensitive files, including SSH keys, while their approval prompts display a harmless filename. The GhostApproval technique exploits a decades-old Unix symlink behavior to mislead users.
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM)
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate
Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft
3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging FaceResearchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata.
Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code
Researchers raise the alarm that a new, rapidly evolving ransomware strain uses an OpenAI model to render and execute malicious code in real time, ushering in a new era of cyberattacks against enterprises.
This Is Not the Malicious Code You're Looking For, Malware Tells AIIf you can't outsmart the antivirus, maybe you can sweet-talk the algorithm into looking the other way. Security researchers discovered what appears to be the first known attempt to deploy prompt injection against artificial intelligence-powered malware analysis.
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code
Researchers have uncovered one of the first examples of threat actors using artificial intelligence chatbots for malware creation, in a phishing attack spreading the open-source remote access trojan.
Hackers Can Use the Attack Method to Manipulate ML Model Output and Steal DataResearchers have found a new way of poisoning machine learning models that could allow hackers to steal data and manipulate the artificial intelligence unit's output. Using the Sleepy Pickle attack method, hackers can inject malicious code into the serialization process, said Trail of Bits.
The powerful AI bot can produce malware without malicious code, making it tough to mitigate.
Researchers at the universities of California, Virginia, and Microsoft have devised a new poisoning attack that could trick AI-based coding assistants into suggesting dangerous code. [...]