GIGAZINE

ByteDance's Cursor-rivaling AI editor 'Trae IDE' turns out to send user data to a server and have an unusually large number of processes

Trae IDE ' is a code editor developed by TikTok's ByteDance based on Visual Studio Code (VSCode), and is touted for its free AI coding assistance features. Analysis results for Trae IDE have been ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
Bleeping Computer

AI-powered Cursor IDE vulnerable to prompt-injection attacks

A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges. The ...
heise online

MCPoison: Vulnerability in Cursor IDE – Execute arbitrary code via MCP

Due to a lack of security checks, attackers can change MCP configurations in the Cursor IDE to execute arbitrary code. In the case of the vulnerability named MCPoison by the security analysts, which ...