While security on software is becoming increasingly complex, bad actors are now using hallucinations from AI to create libraries that do not officially exist, but which LLMs love to invent and repeat. When you have that, imagine the bad actor building the package, and as humans copy and paste, why not? Then, you end up installing a dangerous library in your system. They call this attack: Slopsquatting.

How fun is this?

https://it.slashdot.org/story/25/04/22/0118200/ai-hallucinations-lead-to-a-new-cyber-threat-slopsquatting?utm_source=rss1.0moreanon&utm_medium=feed

First documented case of Slopsquatting: 3.2k users infected via Cursor editor by installing a malicious npm package.

First documented case of Slopsquatting: 3.2k users infected via Cursor editor by installing a malicious npm package.

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

🌷💀⏳

teleyinex.eth ▫️

teleyinex.lens ▫️

teleyine.x ▫️

daniellombrana.es  ▫️

@astaralabs ▫️

@obeygiant ▫️

@scifabric ▫️

dev

Important reminder to always be cautious of the packages we install, following this incident of malware spread through npm packages