Hosted on MSN

Vibe coding tool Cursor's MCP implementation allows persistent code execution

Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a previously ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
VentureBeat

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

Source: VentureBeat created with Imagen. MCP's STDIO transport, the default for connecting an AI agent to a local tool, executes any operating system command it receives. No sanitization. No execution ...