The Solidity Language open-source package was used in a $500,000 crypto heist

securelist.com

Someone used a hammer to smash a window and steal stuff. Quick, ban hammers!!!
Getting rid of the tools to exploit vulnerabilities doesn't get rid of the vulnerabilities, and security by obscurity is not security.
@HumanPerson @Pro True, though we should probably do away with cursor for entirely different reasons.
youtu.be/H2S7PKWaP7c
Concerning this particular article, perhaps the vulnerability here is not the malicious software packages, but the management of these software repos.
Should it be possible to upload a package on a repo with 99% of the same name as one that already exists without some additional checks?
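
One way a registry could implement the kind of additional check asked about above, as an added example that is not part of the thread or the linked article. The existing package names, the look-alike character map and the 0.9 threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# Constructed sample of names already in a registry (assumption, not from the article).
EXISTING = ["solidity-language", "prettier-format", "python-tools"]

# Visually confusable characters folded to one form before comparison (assumed map).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})


def normalize(name: str) -> str:
    """Lowercase, fold look-alike characters, drop spaces and separators."""
    folded = name.lower().translate(CONFUSABLE)
    return re.sub(r"[\s._\-]+", "", folded)


def review_upload(name: str, existing=EXISTING, threshold: float = 0.9):
    """Return (decision, closest_existing_name) for a proposed package name.

    "reject"        - identical to an existing name once normalized
    "manual-review" - similarity to an existing name is >= threshold
    "accept"        - no existing name is close
    """
    cand = normalize(name)
    best_name, best_score = None, 0.0
    for other in existing:
        norm = normalize(other)
        if cand == norm:
            # Differs at most by case, separators or look-alike characters.
            return "reject", other
        score = SequenceMatcher(None, cand, norm).ratio()
        if score > best_score:
            best_name, best_score = other, score
    if best_score >= threshold:
        return "manual-review", best_name
    return "accept", None


if __name__ == "__main__":
    for proposed in ["Solidity Language", "s0lidity-language",
                     "solidty-language", "yaml-linter"]:
        print(proposed, "->", review_upload(proposed))
```

A check like this only gates the name; it says nothing about publisher identity, so a registry would pair it with publisher verification rather than rely on it alone.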