diff --git a/detection/execution/unexpected-fetcher-parents.sql b/detection/execution/unexpected-fetcher-parents.sql
index 1db87a1..845917a 100644
--- a/detection/execution/unexpected-fetcher-parents.sql
+++ b/detection/execution/unexpected-fetcher-parents.sql
@@ -53,11 +53,15 @@ WHERE -- NOTE: The remainder of this query is synced with unexpected-fetcher-par
 'curl,303,bash,nix',
 'curl,305,bash,nix',
 'curl,307,bash,nix',
+ 'curl,500,ShellLauncher,',
+ 'curl,500,ShellLauncher,login',
+ 'curl,500,Slack,launchd',
+ 'curl,500,Stats,bash',
+ 'curl,500,bash,ShellLauncher',
 'curl,500,bash,bash',
 'curl,500,bash,fakeroot',
 'curl,500,bash,fish',
 'curl,500,bash,nix-daemon',
- 'curl,500,bash,ShellLauncher',
 'curl,500,bash,zsh',
 'curl,500,colima,zsh',
 'curl,500,endpoint-instal,bash',
@@ -71,11 +75,8 @@ WHERE -- NOTE: The remainder of this query is synced with unexpected-fetcher-par
 'curl,500,nvim,nvim',
 'curl,500,nwg-panel,systemd',
 'curl,500,ruby,zsh',
- 'curl,500,ShellLauncher,',
- 'curl,500,ShellLauncher,login',
- 'curl,500,Slack,launchd',
- 'curl,500,Stats,bash',
 'curl,500,zsh,Code Helper',
+ 'curl,500,zsh,Cursor Helper',
 'curl,500,zsh,Emacs-arm64-11',
 'curl,500,zsh,Hyper',
 'curl,500,zsh,login',
@@ -92,6 +93,7 @@ WHERE -- NOTE: The remainder of this query is synced with unexpected-fetcher-par
 AND gparent_name IN (
 'alacritty',
 'Code Helper',
+ 'Cursor Helper',
 'emacs',
 'bash',
 'gnome-terminal-',
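Review bot: In the `@@ -71,11 +75,8 @@` hunk, the new exception `'curl,500,zsh,Cursor Helper'` matches only on process names and a uid, so any binary reporting the name `Cursor Helper` as grandparent of a zsh-launched curl is exempt from this detection. The `'Cursor Helper'` entry added under `gparent_name IN (` in the `@@ -92,6 +93,7 @@` hunk has the same property. Whether the query also constrains the grandparent's path or code signature cannot be seen from these hunks, since the WHERE clause begins above them. If it does not, I would at least record the trust level next to the entry, e.g. `-- Cursor editor integrated terminal; name-only match, path/signature not checked`.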
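Review bot: The sibling query that this file is meant to stay synced with does not appear in the diff as shown, which changes only `unexpected-fetcher-parents.sql`. The hunk header context reads `-- NOTE: The remainder of this query is synced with unexpected-fetcher-par` (truncated). If that sibling carries the same exception lists, `'Cursor Helper'` in the `@@ -92,6 +93,7 @@` hunk and `'curl,500,zsh,Cursor Helper'` in the previous hunk need adding there too, otherwise the two detections will disagree on shells launched from Cursor. The re-sorted ShellLauncher/Slack/Stats entries in the first hunk should be mirrored as well, so that a diff between the two files keeps showing only real differences.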