The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
Sentire says attacks began June 29 against a CVSS 9.6 OS command injection flaw that enables unauthenticated code execution.
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) ...
Several products from Ubiquiti's UniFi ecosystem are affected by partly critical vulnerabilities. Admins should promptly ...
SentinelOne says macOS.Gaslight uses prompt injection to mislead AI-based malware analysis, steal data, and use Telegram for ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity ...
Three critical flaws in Fortinet’s sandbox that allow remote attackers to bypass authentication, escalate privileges, and execute malicious code are under active exploitation, according to threat ...
Opera browser has announced a new security feature called Paste Protect that aims to stop clipboard-based cyberattacks before ...
Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
Update June 15, 00:54 EDT: An Ivanti spokesperson told BleepingComputer that CISA added the flaw to its KEV catalog based on reports of attempted exploitation of honeypots. "While this CVE carries a ...