Snyk security researcher deploys malicious NPM packages targeting cursor.com