Security firm: AI programming tool Cursor is at risk of being hijacked by new virus

09-05

This article is machine translated

Show original

On September 5, Cointelegraph reported that cybersecurity firm HiddenLayer reported a "CopyPasta license attack" vulnerability in the AI programming tool Cursor, widely used by cryptocurrency trading platforms such as Coinbase. Hackers could exploit this vulnerability by hiding malicious instructions in the LICENSE.txt and README.md files, tricking the AI tool into injecting the vulnerability into the codebase.

The attack exploits hidden prompt injection within Markdown comments, allowing AI to automatically deliver malicious payloads when editing files. Testing has revealed vulnerabilities in AI programming tools such as Windsurf, Kiro, and Aider. The malicious code can create backdoors, steal sensitive data, or crash systems, and can be deeply hidden to avoid detection.

Source

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.

Add to Favorites

Comments

Relevant content

All-in station

Sui Nemo DeFi Project Hacked, Loss of $2.4 Million

Wu Blockchain

Large amount of token unlocked this week

ETHFI

0.85%

BlockTempo

Is Ethereum's "fundamentals collapsing" and about to plummet? Stablecoin supply exceeds $165 billion, but network revenue drops another 44%.