腾讯网

AI编程工具Cursor存在远程代码执行漏洞

Check Point研究人员在热门AI编程工具Cursor中发现了一个远程代码执行漏洞,攻击者可以通过秘密修改此前已被批准的模型上下文协议(MCP)配置来毒化开发者环境,在用户无感知的情况下将其替换为恶意命令。 好消息是:Cursor在7月29日发布了修复该问题的更新版本(1. ...
腾讯网

恶意MCP服务器可劫持Cursor内置浏览器

新型 PoC 攻击证实:恶意模型上下文协议(MCP)服务器可向 Cursor 浏览器注入 JavaScript,甚至可能利用该 IDE 的权限执行系统级操作。 AI Agent 与编程助手正在颠覆开发者的工作方式,同时也快速扩大了开发设备的受攻击面。最新案例显示:安全研究人员证实恶意 ...
来自MSN

红温了!Cursor又乱写代码?1分钟装上Context7 MCP享受实时文档检索服务

面对AI编程助手Cursor在编写代码时可能出现的错误和过时信息,Context7 MCP提供了一个创新的解决方案。文章将介绍如何快速安装并使用Context7 MCP,以便在编写代码时享受实时文档检索服务,确保AI助手能够访问到最新、最准确的官方文档,从而提高编程效率和代码 ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
it-daily.net

Cursor: Critical security vulnerability discovered in AI coding tool

Security researchers from Check Point have discovered a serious vulnerability in the popular AI-based developer tool Cursor. The vulnerability allows attackers to permanently inject malicious code ...
Bleeping Computer

AI-powered Cursor IDE vulnerable to prompt-injection attacks

A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges. The ...
Pocket Gamer.Biz

Coplay takes over Unity MCP as it reaches key milestones with public beta launch

Coplay opens public beta to all developers, expanding beyond its invite-only model. Now stewarding the Unity MCP server, Coplay deepens support for open-source game dev tools. Orchestrator Mode debuts ...
Geeky Gadgets

Automate Your Coding Tasks with MCP Servers and Cursor AI

Enhancing the coding capabilities of Cursor AI can significantly improve your software development process. By integrating Zapier MCP servers, you gain the ability to automate tasks, connect APIs, and ...