Hosted on MSN

Vibe coding tool Cursor's MCP implementation allows persistent code execution

Check Point researchers uncovered a remote code execution bug in popular vibe-coding AI tool Cursor that could allow an attacker to poison developer environments by secretly modifying a previously ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
Geeky Gadgets

Browser MCP and Cursor : Easily Automate Web Tasks and Online Data Collection

The Browser MCP (Model Context Protocol) server, when paired with Cursor, provides a comprehensive platform for automating browser tasks and testing web applications. By combining browser navigation, ...
Dark Reading

Cursor Issue Paves Way for Credential-Stealing Attacks

An inherent insecurity in the increasingly popular artificial intelligence (AI)-powered developer environment Cursor allows attackers to take over its browser to deliver credential-stealing attacks.
TechRadar

Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device

SquareX discovered hidden MCP API in Comet browser enabling arbitrary local command execution Vulnerability in Agentic extension could let attackers hijack devices via compromised perplexity.ai site ...