Quite nasty attack on user of #github #copilot #cursor.
In short: if you download any rules’ example files be aware that there might be some Unicode characters that would make the rule malicious. Non readable for us monkeys. Monkey sees, monkey copy, monkey paste, monkey proud AF to be #vibecoding.
Then shit happens.
🐵 🫡
https://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents
dshf
npub1vn…kylzx
2025-04-25 07:37:48
Author Public Key
npub1vnp047ge2zual8r3nngzc4ttyzanawd96qf0af4g3n3v6v2akjtqjkylzxPublished at
2025-04-25 07:37:48Event JSON
{
"id": "00e4fb727838b3fdc4689d68de6328cd0de5b6bae51e9efdef8f284c132dc1c9",
"pubkey": "64c2faf91950b9df9c719cd02c556b20bb3eb9a5d012fea6a88ce2cd315db496",
"created_at": 1745566668,
"kind": 1,
"tags": [
[
"t",
"github"
],
[
"t",
"copilot"
],
[
"t",
"cursor"
],
[
"t",
"vibecoding"
],
[
"nonce",
"131",
"8"
]
],
"content": "Quite nasty attack on user of #github #copilot #cursor. \nIn short: if you download any rules’ example files be aware that there might be some Unicode characters that would make the rule malicious. Non readable for us monkeys. Monkey sees, monkey copy, monkey paste, monkey proud AF to be #vibecoding.\nThen shit happens.\n\n🐵 🫡\n\nhttps://www.pillar.security/blog/new-vulnerability-in-github-copilot-and-cursor-how-hackers-can-weaponize-code-agents",
"sig": "a03e03bbbad1039fe9fd803b5eacdb1d276b56895051e227dd4443f5d485e256c15add3b7bbaa5c4b31d20d8ad649b3a5a8968a6bc0b08bfb5eeb84eeb6cc4b8"
}