A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor and can be exploited for remote code execution with developer privileges. The ...
A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. An ...