Topic: workspace trust
-
Exploit in Default Cursor Setting Runs Malicious Code on Dev Machines
A security flaw in Cursor AI code editor allows attackers to execute malicious code silently due to the Workspace Trust feature being disabled by default. Exploitation can lead to credential theft, file manipulation, and data exfiltration, especially risky given developers' elevated system privil...
Read More » -
GitHub Flaw: Repositories Can Run Code on Your PC Without Permission
A security flaw in the Cursor extension for Visual Studio Code allows malicious repositories to execute unauthorized code automatically when a project folder is opened, exploiting the autorun feature. This vulnerability enables attackers to steal sensitive data like authentication tokens, tamper ...
Read More »
