Cursor Code Editor IDE Icon Log

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto ...

Bleeping Computer

Cursor AI editor lets repos “autorun” malicious code on devices

A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it’s opened. Threat actors can exploit the flaw to drop ...

CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.

Some results have been hidden because they may be inaccessible to you

Show inaccessible results

Malicious VSCode extension in Cursor IDE led to $500K crypto theft

Cursor AI editor lets repos “autorun” malicious code on devices

Rogue MCP servers can take over Cursor’s built-in browser

Trending now