Dark Reading

Cursor Issue Paves Way for Credential-Stealing Attacks

Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor's internal browser.
The Register on MSN

Google previews Code Wiki: Can you trust AI to document your repository?

Documenting code can be dull, but explaining the source code of a complex project is hard for AI to get right Google has ...
InfoWorld

North Korea’s ‘Job Test’ trap upgrades to JSON malware dropboxes

The long-running Contagious Interview campaign is now hiding BeaverTail and InvisibleFerret payloads inside JSON storage services.
The Hacker News

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial ...
InfoWorld

Visual Studio Code unifies UI for managing coding agents

Agent HQ provides a single location for managing both local and remote coding agents and introduces a plan agent that breaks ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...

An incredibly popular JavaScript library might have some worrying malware issues

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to ...