While security on software is becoming increasingly complex, bad actors are now using hallucinations from AI to create libraries that do not officially exist, but which LLMs love to invent and repeat. When you have that, imagine the bad actor building the package, and as humans copy and paste, why not? Then, you end up installing a dangerous library in your system. They call this attack: Slopsquatting.

How fun is this?

https://it.slashdot.org/story/25/04/22/0118200/ai-hallucinations-lead-to-a-new-cyber-threat-slopsquatting?utm_source=rss1.0moreanon&utm_medium=feed

First documented case of Slopsquatting: 3.2k users infected via Cursor editor by installing a malicious npm package.

First documented case of Slopsquatting: 3.2k users infected via Cursor editor by installing a malicious npm package.

https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html

🌷💀⏳

teleyinex.eth ▫️

teleyinex.lens ▫️

teleyine.x ▫️

daniellombrana.es  ▫️

@astaralabs ▫️

@obeygiant ▫️

@scifabric ▫️

dev

It is interesting that I casted about slopsquatting only 20 days ago and we have the first case with Cursor editor. 

This is going to be a nightmare for cybersecurity, right?