PocketOS founder says Cursor AI agent deleted its production database in 9 seconds after misusing a root API token, exposing major Railway security flaws.
Tag: Cursor
Global Security News
Cursor Extension Flaw Exposes Developer API Keys
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX
AI, Global Security News
Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories.
AI, Exploits, Global Security News
Critical Cursor bug could turn routine Git into RCE
Security researchers have disclosed a high-severity vulnerability affecting the Cursor IDE, allowing arbitrary code execution on a developer’s machine through a seemingly routine repository interaction. According to findings by AI pentesting platform Novee Security, once a developer cloned and interacted with a malicious repository, the IDE’s AI agent could trigger embedded Git logic, resulting in…
AI, Global Security News, Risk Management
Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian
AI coding assistants are quickly becoming part of everyday development. Tools like Cursor, Claude Code, and GitHub Copilot can now do more than suggest code. They can read files, run shell commands, and call external tools during a session. That makes them useful, but it also creates a new risk: secrets can be exposed long…
Global Security News
‘CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment
CursorJack shows how malicious MCP deeplinks in Cursor IDE can trigger user-approved code execution
AI, Global Security News
Cursor Automations turns code review and ops into background tasks
Cursor Automations, the always-on agent platform from Cursor, is expanding with a new generation of autonomous systems that streamline code review, incident response, and other engineering workflows. The platform runs AI agents on schedules or in response to development events. These triggers include merged pull requests on GitHub, newly created issues in Linear, messages sent…
AI, Global Security News
Flaws in Popular Software Development App Extensions Allow Data Exfiltration
Four serious new vulnerabilities affect Microsoft Visual Studio Code, Cursor and Windsurf extensions, three of which remain unpatched