Data exfiltrated to an attacker-owned website hints at a possible dependency confusion attack on Cursor.com. The malicious npm packages "cursor-always-local", "cursor-retrieval", and "cursor-shadow-workspace" are designed to send data to the attacker. Fortunately, the OpenSSF scanner flagged these packages as malicious, generating malware advisories MAL-2025-27, MAL-2025-28, and MAL-2025-29. The npm package metadata reveals the culprit to be an employee at Snyk, identified by their snyk.io email address, a surprising detail that sheds light on the potential source of the attack. See the malware advisories for more information: https://osv.dev/list?q=cursor&ecosystem=npm.
https://sourcecodered.com/snyk-malicious-npm-package/
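
One way to check a project for the three package names in this report is to audit its parsed `package-lock.json`, shown here as an added example that is not part of the original report. The function names, the sample lockfile, its versions and the `registry.internal.example` host are constructed for illustration.

```javascript
// Package names taken from the report above.
const FLAGGED = new Set([
  "cursor-always-local", "cursor-retrieval", "cursor-shadow-workspace",
]);
const PUBLIC_REGISTRY = "https://registry.npmjs.org/";

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/b"; the package
// name is whatever follows the last "node_modules/" (scopes stay attached).
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Record where a flagged package sits and where it was fetched from.
function describe(name, path, meta) {
  const resolved = meta.resolved || "";
  return { name, path, version: meta.version || null, resolved,
    fromPublicRegistry: resolved.startsWith(PUBLIC_REGISTRY) };
}

function findFlagged(lock) {
  const hits = [];
  // v2/v3 lockfiles: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (name && FLAGGED.has(name)) hits.push(describe(name, path, meta));
  }
  // v1 lockfiles: nested "dependencies" tree (skipped when "packages" exists,
  // because v2 files carry both and would be counted twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}/${name}`;
      if (FLAGGED.has(name)) hits.push(describe(name, here, meta));
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (versions and hosts are made up for the demo).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/example-lib": { version: "1.0.0", resolved: PUBLIC_REGISTRY + "example-lib/-/example-lib-1.0.0.tgz" },
  "node_modules/cursor-retrieval": { version: "0.0.0", resolved: PUBLIC_REGISTRY + "cursor-retrieval/-/cursor-retrieval-0.0.0.tgz" },
  "node_modules/tool/node_modules/cursor-shadow-workspace": { version: "0.0.0", resolved: "https://registry.internal.example/cursor-shadow-workspace-0.0.0.tgz" },
} };
console.log(findFlagged(SAMPLE_LOCK));
```

A hit with `fromPublicRegistry: true` for a name that is supposed to be internal is the dependency confusion signal; scoped names such as `@acme/cursor-retrieval` are deliberately not matched.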