Snyk appears to deploy 'malicious' packages targeting Cursor for unknown reason