npm update, Cursor Autorun flaw details, Microsoft probe over Ascension hack?
9 snips Sep 11, 2025
The podcast dives into a notable npm compromise and asks whether there is really a reason to worry. It details the Cursor Autorun flaw, which allows unsafe code execution without user consent. Senator Wyden calls for an investigation into Microsoft after the Ascension hack, shedding light on major security practices. Additionally, it discusses Apple’s Memory Integrity Enforcement and a concerning malware campaign targeting military contractors. Lastly, it highlights a significant cyber attack on Jaguar Land Rover affecting data and production.
NPM Package Compromise Story
- An attacker phished an NPM developer account and pushed malicious updates to 18 popular packages.
- The malicious versions were live for about six hours and caused roughly $1,000 in losses, thanks to quick detection and response.
Mitigate Autorun Risk Now
- Avoid opening untrusted folders in Visual Studio Code until the autorun issue is patched.
- Disable or restrict extensions and verify Workspace Trust settings as a mitigation step.
Repo Autorun Expands Attack Surface
- The Cursor extension autorun flaw can execute repository code when a folder opens, even without consent.
- With Workspace Trust off by default, opening a folder could compromise a developer's machine.
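As an added check for the two Workspace Trust snips above (example code, not from the podcast or from Cursor/VS Code), the script below audits a user settings.json for the VS Code setting `security.workspace.trust.enabled` and reports whether the editor will ask before trusting an opened folder; the `editor_default` argument covers the case the snip describes, where a build ships with Workspace Trust off. The sample settings are constructed, and the file is assumed to be plain JSON without comments.

```python
import json
from typing import Optional

# Name of the Workspace Trust switch in VS Code-based editors.
TRUST_KEY = "security.workspace.trust.enabled"

# Constructed sample user settings: the first leaves Workspace Trust unset,
# the second disables it explicitly, the third enables it explicitly.
UNSET_SETTINGS = '{"editor.fontSize": 14}'
WEAK_SETTINGS = '{"editor.fontSize": 14, "security.workspace.trust.enabled": false}'
HARDENED_SETTINGS = '{"editor.fontSize": 14, "security.workspace.trust.enabled": true}'


def workspace_trust_state(settings_text: str, editor_default: bool) -> dict:
    """Return the effective Workspace Trust state for one settings.json.

    editor_default is what the editor does when the key is absent: True for
    stock VS Code, False for a build that ships with Workspace Trust off
    (the situation the episode describes for Cursor).
    """
    settings = json.loads(settings_text)  # assumes plain JSON, no comments
    explicit: Optional[bool] = settings.get(TRUST_KEY)
    if explicit is None:
        return {"enabled": editor_default, "source": "editor default"}
    return {"enabled": bool(explicit), "source": "settings.json"}


def harden(settings_text: str) -> str:
    """Return settings.json text with Workspace Trust explicitly enabled,
    so the result no longer depends on the editor's default."""
    settings = json.loads(settings_text)
    settings[TRUST_KEY] = True
    return json.dumps(settings, indent=2)


def audit(settings_text: str, editor_default: bool) -> str:
    """One-line verdict: RISK when folders would open without a trust prompt."""
    state = workspace_trust_state(settings_text, editor_default)
    word = "enabled" if state["enabled"] else "disabled"
    verdict = "OK" if state["enabled"] else "RISK"
    return f'{verdict}: Workspace Trust {word} ({state["source"]})'


if __name__ == "__main__":
    samples = (("unset", UNSET_SETTINGS), ("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS))
    for label, text in samples:
        print(label, "(stock default) ->", audit(text, editor_default=True))
        print(label, "(trust off by default) ->", audit(text, editor_default=False))
    print(harden(WEAK_SETTINGS))
```

The "unset" sample is the interesting one: it passes on stock VS Code but fails on a build whose default is off, which is why pinning the key explicitly is the safer mitigation.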