While security on software is becoming increasingly complex, bad actors are now using hallucinations from AI to create libraries that do not officially exist, but which LLMs love to invent and repeat. When you have that, imagine the bad actor building the package, and as humans copy and paste, why not? Then, you end up installing a dangerous library in your system. They call this attack: Slopsquatting.

How fun is this?

https://it.slashdot.org/story/25/04/22/0118200/ai-hallucinations-lead-to-a-new-cyber-threat-slopsquatting?utm_source=rss1.0moreanon&utm_medium=feed

First documented case of Slopsquatting: 3.2k users infected via Cursor editor by installing a malicious npm package.

First documented case of Slopsquatting: 3.2k users infected via Cursor editor by installing a malicious npm package.

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

🌷💀⏳

teleyinex.eth ▫️

teleyinex.lens ▫️

teleyine.x ▫️

daniellombrana.es  ▫️

@astaralabs ▫️

@obeygiant ▫️

@scifabric ▫️

dev

FractalVisions.io ⚡️
Superchain Supercharged Impact Initiative Platform 👁
The future is onchain !
Join our channel 🚀 /fractalvisions

Not sure to be honest. Check if you can update your Cursor editor, apparently the hack disabled updates to steal your data and keep you locked.

Looks like 👍 I can update but there are currently no updates available.

Will keep an eye out for more info. ℹ️