News

JavaScript packages with billions of downloads were injected with malicious code in world's largest supply chain hack, geared to steal crypto — a phishing email is all it ...

JavaScript packages with billions of downloads were compromised by an unknown threat actor looking to steal cryptocurrency.
Infosecurity Magazine12h

Cursor Autorun Flaw Lets Repositories Execute Code Without Consent

A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, ...

Cursor AI editor lets repos “autorun” malicious code on devices

A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it's opened.