Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor's internal browser.

Documenting code can be dull, but explaining the source code of a complex project is hard for AI to get right Google has ...

The long-running Contagious Interview campaign is now hiding BeaverTail and InvisibleFerret payloads inside JSON storage ...

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial ...

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...

A widely-adopted JavaScript library has been found carrying a critical vulnerability which could allow threat actors to ...

The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices ...

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...

Weeks after being declared eradicated, GlassWorm is again infesting open source extensions using the same invisible Unicode and blockchain C2 tricks.

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with ...

What if AI-assisted development is less of a threat, and more of a jetpack? This month’s report tackles vibe coding, along ...

Ever swung a bat so hard in your dreams that the ball flew to another galaxy? Time to make that dream real. In Roblox Home Run Simulator, it’s all about smashing homers and stacking up that sweet cash ...