CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
GIGAZINE

ByteDance's Cursor-rivaling AI editor 'Trae IDE' turns out to send user data to a server and have an unusually large number of processes

Trae IDE ' is a code editor developed by TikTok's ByteDance based on Visual Studio Code (VSCode), and is touted for its free AI coding assistance features. Analysis results for Trae IDE have been ...
heise online

MCPoison: Vulnerability in Cursor IDE – Execute arbitrary code via MCP

Due to a lack of security checks, attackers can change MCP configurations in the Cursor IDE to execute arbitrary code. In the case of the vulnerability named MCPoison by the security analysts, which ...