安全公司：AI编程工具Cursor有被新病毒劫持的风险

Blockbeats

Sep 05

BlockBeats 消息，9 月 5 日，据 Cointelegraph 报道，网络安全公司 HiddenLayer 报告称，AI 编程工具 Cursor 存在“CopyPasta 许可证攻击”漏洞，黑客可通过在 LICENSE.txt 和 README.md 文件中隐藏恶意指令，诱导 AI 工具将漏洞注入代码库。该工具被 Coinbase 等加密交易平台广泛采用。

攻击利用 Markdown 注释隐藏提示注入，使 AI 在编辑文件时自动传播恶意负载。测试显示 Windsurf、Kiro 和 Aider 等 AI 编程工具同样存在漏洞。恶意代码可创建后门、窃取敏感数据或瘫痪系统，且能深度隐藏避免检测。

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2565539354"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2565539354\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2565539354?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-09-05 12:56","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2565539354","market":"us","top_or_hot":-1,"title":"安全公司：AI编程工具Cursor有被新病毒劫持的风险","media":"Blockbeats","content":"<html><body><div><p>BlockBeats 消息，9 月 5 日，据 Cointelegraph 报道，网络安全公司 HiddenLayer 报告称，AI 编程工具 Cursor 存在“CopyPasta 许可证攻击”漏洞，黑客可通过在 LICENSE.txt 和 README.md 文件中隐藏恶意指令，诱导 AI 工具将漏洞注入代码库。该工具被 <a href=\"https://laohu8.com/S/COIN\">Coinbase</a> 等加密交易平台广泛采用。</p><p>攻击利用 Markdown 注释隐藏提示注入，使 AI 在编辑文件时自动传播恶意负载。测试显示 Windsurf、Kiro 和 Aider 等 AI 编程工具同样存在漏洞。恶意代码可创建后门、窃取敏感数据或瘫痪系统，且能深度隐藏避免检测。</p></div></body></html>","source":"theblockbeats_zh_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>安全公司：AI编程工具Cursor有被新病毒劫持的风险</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n安全公司：AI编程工具Cursor有被新病毒劫持的风险\n</h2>\n\n<h4 class=\"meta\">\n\n\n2025-09-05 12:56 北京时间&nbsp;&nbsp;&nbsp;<a href=https://www.theblockbeats.info//flash/310894><strong>Blockbeats</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>BlockBeats 消息，9 月 5 日，据 Cointelegraph 报道，网络安全公司 HiddenLayer 报告称，AI 编程工具 Cursor 存在“CopyPasta 许可证攻击”漏洞，黑客可通过在 LICENSE.txt 和 README.md 文件中隐藏恶意指令，诱导 AI 工具将漏洞注入代码库。该工具被 Coinbase 等加密交易平台广泛采用。攻击利用 Markdown ...</p>\n\n<a href=\"https://www.theblockbeats.info//flash/310894\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"BK4551","symbol_name":"寇图资本持仓","start_time":0,"source_url":"https://www.theblockbeats.info//flash/310894","article_id":"2565539354","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2565539354","pubTimestamp":1757048160,"columns":[],"sourceInfo":{"source_id":"theblockbeats_zh_live","name":"blockbeat"},"weMediaInfo":null,"summary":"BlockBeats 消息，9 月 5 日，据 Cointelegraph 报道，网络安全公司 HiddenLayer 报告称，AI 编程工具 Cursor 存在“CopyPasta 许可证攻击”漏洞","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"zh","relate_stocks":{"BK4551":"寇图资本持仓","LU1861220207.SGD":"Blackrock FinTech A2 SGD-H","BK4588":"碎股","BK4595":"比特币概念","LU2360107671.USD":"BGF FINTECH \"A4\" (USD) INC","BK4600":"加密货币概念","BK4585":"ETF&股票定投概念","BK4516":"特朗普概念","BK4539":"次新股","COIN":"Coinbase Global, Inc.","LU1861559042.SGD":"日兴方舟颠覆性创新基金B SGD","BK4112":"金融交易所和数据","LU1861558580.USD":"日兴方舟颠覆性创新基金B","BK4535":"淡马锡持仓","BK4554":"元宇宙及AR概念","LU1861217088.USD":"贝莱德金融科技A2","BK4596":"哈里斯概念"},"translate_title":"Security company: AI programming tool Cursor is at risk of being hijacked by new virus","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"COIN":1},"content_text":"BlockBeats 消息，9 月 5 日，据 Cointelegraph 报道，网络安全公司 HiddenLayer 报告称，AI 编程工具 Cursor 存在“CopyPasta 许可证攻击”漏洞，黑客可通过在 LICENSE.txt 和 README.md 文件中隐藏恶意指令，诱导 AI 工具将漏洞注入代码库。该工具被 Coinbase 等加密交易平台广泛采用。攻击利用 Markdown 注释隐藏提示注入，使 AI 在编辑文件时自动传播恶意负载。测试显示 Windsurf、Kiro 和 Aider 等 AI 编程工具同样存在漏洞。恶意代码可创建后门、窃取敏感数据或瘫痪系统，且能深度隐藏避免检测。","kind":"live","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0,"need_auth":false,"code":"91000000","status":"200"}}}