Snyk Researcher Caught Deploying Malicious Code Targeting AI Startup (sourcecodered.com)

A Snyk security researcher has published malicious NPM packages targeting Cursor, an AI coding startup, in what appears to be a dependency confusion attack. The packages, which collect and transmit system data to an attacker-controlled server, were published under a verified Snyk email address, according to security researcher Paul McCarty.

The OpenSSF package analysis scanner flagged three packages as malicious, generating advisories MAL-2025-27, MAL-2025-28 and MAL-2025-29. The researcher deployed the packages "cursor-retrieval," "cursor-always-local" and "cursor-shadow-workspace," likely attempting to exploit Cursor's private NPM packages of the same names.
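A defender-side check for the situation described above, as an added example that is not from the article or from Snyk, Cursor or OpenSSF: it audits a package-lock.json (v2/v3 `packages` map) and flags any of the three named packages whose tarball was resolved from anywhere other than the internal registry. The internal registry URL, the versions and the sample lockfile are constructed assumptions.

```javascript
// Names come from the article; the registry URL and lockfile below are constructed.
const INTERNAL_NAMES = new Set([
  "cursor-retrieval", "cursor-always-local", "cursor-shadow-workspace",
]);
const INTERNAL_REGISTRY = "https://npm.internal.example"; // assumed private registry

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root entry "" -> null
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Whole origins are compared, not string prefixes, so lookalike hosts do not match.
function originOf(resolved) { try { return new URL(resolved).origin; } catch { return null; } }

// Returns lockfile entries for internal names that were not fetched from the internal registry.
function auditLockfile(lock, internalNames, internalRegistry) {
  const expected = new URL(internalRegistry).origin;
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(path);
    if (!name || !internalNames.has(name)) continue;
    if (entry.link) continue; // workspace symlink: nothing was downloaded
    const origin = entry.resolved ? originOf(entry.resolved) : null;
    if (origin !== expected) {
      findings.push({ path, name, version: entry.version, resolved: entry.resolved || null });
    }
  }
  return findings;
}

const pub = "https://registry.npmjs.org";
const sampleLock = { // constructed package-lock.json (lockfileVersion 3) fragment
  packages: {
    "": { name: "app", version: "0.0.0" },
    "node_modules/cursor-retrieval": { version: "1.0.0",
      resolved: `${INTERNAL_REGISTRY}/cursor-retrieval/-/cursor-retrieval-1.0.0.tgz` },
    "node_modules/cursor-shadow-workspace": { version: "99.0.0",
      resolved: `${pub}/cursor-shadow-workspace/-/cursor-shadow-workspace-99.0.0.tgz` },
    "node_modules/tooling/node_modules/cursor-always-local": { version: "99.0.0",
      resolved: `${pub}/cursor-always-local/-/cursor-always-local-99.0.0.tgz` },
    "node_modules/left-pad": { version: "1.3.0", resolved: `${pub}/left-pad/-/left-pad-1.3.0.tgz` },
  },
};
for (const f of auditLockfile(sampleLock, INTERNAL_NAMES, INTERNAL_REGISTRY)) {
  console.log(`REVIEW ${f.name}@${f.version} resolved from ${f.resolved}`);
}
```

Run in CI against the committed lockfile, a non-empty result means an internal name was satisfied by a different registry and the build should stop for review.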


Comments:
  • So if I'm connecting the dots right... basically some bad guy at a legitimate security scanner company is trying to steal credentials from a company that makes a code editor used by big companies like Shopify. I can imagine they might want credit card numbers en masse? Not stated, but would be interesting to know if the code scanner company has access to code editor's company so they knew what to name the fake repo.
  • ... not sorry - couldn't resist
