Much less click-baity if a more descriptive title would have been used: "Malicious copy of Cursor AI extension used for $500k theft"
samrus · 7m ago
The title does make it sound like the AI itself lead to the vulnerability, which is false
But cursor isnt off the hook. It wasnt a malicious copy, it was a legit copy of the cursor IDE distirbuting a package they allowed on the extension store. This is on them.
The lesson here is to not make a vscode fork if you arent able to maintian it the way microsoft does. Move fast and break (the user's) things i guess
worble · 4m ago
The article says they use open-vsx, which is managed by the Eclipse foundation. It's not really anything to do with cursor, other than the fact they're allowing you access to the only other vscode marketplace that all the forks use.
EZ-E · 5m ago
Am I understanding right the extension was free to download code from internet and execute with enough rights to scan the user's disk? That is wild. Does this mean every company is one bad extension install away from having its entire codebase stolen or worse?
I naively assumed the extensions were 'sandboxed' to some degree.
delusional · 2m ago
These systems rely on downloading and executing much more untrusted software than you could ever imagine. Please dig deeper into this for yourself, I think that's the only way for anyone to truly appreciate the mess we are getting ourselves into.
christophilus · 15m ago
Supply chain attacks really worry me. I do most of my work in docker containers partly as a small attempt to mitigate this. I run the full stack in the container, including Claude Code, Neovim, Postgres, etc.
I do have a fair number of Neovim plugins on my host machine, and a number of Arch packages that I probably could do without.
I’ve considered keeping my host’s Neovim vanilla, but telescope is hard to live without.
darkwater · 6m ago
You know you are in a cycle when some new software/paradigm brings new solutions and approaches while it forgets about basic stuff already implemented for ages by prior solutions. It's basically like an adolescent.
I guess this is how we evolve?
riv991 · 14m ago
Microsoft were very quick to highlight their extensions being safer after this.
Unfortunately the marketplace ecosystem is why I went back to VSCode from Cursor. I'm a bit upset by this because I don't quite appreciate that Microsoft has a closed ecosystem for the marketplace and does not open it to Cursor but the reality is, that Open VSX does not have all extensions and little vetting.
worble · 6m ago
And yet, this entire class of abuse is only possible because Microsoft refuse to implement any kind of permission management or sandboxing for extensions.
But cursor isnt off the hook. It wasnt a malicious copy, it was a legit copy of the cursor IDE distirbuting a package they allowed on the extension store. This is on them.
The lesson here is to not make a vscode fork if you arent able to maintian it the way microsoft does. Move fast and break (the user's) things i guess
I naively assumed the extensions were 'sandboxed' to some degree.
I do have a fair number of Neovim plugins on my host machine, and a number of Arch packages that I probably could do without.
I’ve considered keeping my host’s Neovim vanilla, but telescope is hard to live without.
https://x.com/code/status/1943720372307665033?s=46
https://github.com/microsoft/vscode/issues/52116
it wasn't even a cursor specific extension it was a vscode one. completely misleading