Cursor AI Flaws Let Prompt Injection Escape Sandbox for RCE
Two CVSS 9.8 vulnerabilities in the popular AI code editor allow zero-click attacks where malicious instructions in external data sources execute arbitrary commands on developer machines.
13 articles tagged with "Prompt Injection"
Two CVSS 9.8 vulnerabilities in the popular AI code editor allow zero-click attacks where malicious instructions in external data sources execute arbitrary commands on developer machines.
Mozilla's 0DIN researchers demonstrate how innocent-looking repositories can chain three benign components to hijack AI coding assistants and establish reverse shells on developer machines.
SentinelOne discovers Gaslight, a Rust-based macOS backdoor embedding 38 fake system messages designed to crash or confuse AI-powered malware analysis tools.
CVE-2026-42824 chained prompt injection, a timing race, and CSP bypass to exfiltrate Outlook emails, OneDrive files, and MFA codes via Microsoft 365 Copilot. Now patched.
Anthropic patches critical Claude Code GitHub Action vulnerability that let attackers steal tokens and hijack repositories through a single malicious issue. CVSS 7.8 flaw exploited bot actor trust.
The 2026 State of Browser Security Report reveals AI-integrated browsers and agentic copilots face systemic prompt injection risks that may never be fully solved. Here's what enterprises need to know.
Researchers discover ChatGPT's Markdown rendering trusts attacker-controlled content from summarized pages, enabling phishing URLs, IP exfiltration, and fake security alerts inside the AI interface.
Check Point Research disclosed a ChatGPT vulnerability that abused DNS tunneling to silently steal conversation data. OpenAI patched the flaw on February 20, 2026.
LayerX researchers found that custom font rendering can hide malicious prompts from ChatGPT, Claude, Gemini, and other AI assistants while displaying them to users.
Cisco's State of AI Security 2026 report reveals a dangerous gap between agentic AI adoption ambitions and enterprise security readiness. Here's what the threat landscape looks like.
Varonis researchers disclosed a vulnerability chain that let attackers exfiltrate user data through Copilot with a single malicious link click. Microsoft has patched the issue.
Company admits ChatGPT Atlas remains vulnerable to attacks that hijack AI agents through malicious web content. New defenses deployed, but fundamental risk persists.
CVE-2025-68664 scores CVSS 9.3 and enables secret extraction and prompt injection in LangChain Core. Patch immediately if you're running AI agents.