A critical vulnerability in the Cursor extension allows malicious repositories to execute arbitrary code automatically when a folder is opened, bypassing user consent. This 'autorun' flaw poses a significant software supply chain risk, potentially leading to credential theft and malware deployment on developer machines. The vulnerability underscores the growing trend of targeting developer tools as a critical attack surface.
Latest mentioned: 09-10
Earliest mentioned: 09-10