Cursor is a organization tracked across 50 threat clusters and 86 intelligence report mentions on ThreatCluster. First observed October 31, 2025; most recent activity July 17, 2026.
On July 11, 2026, multiple malicious versions of the jscrambler npm package were published, exploiting a compromised npm publishing credential. The affected versions (8.14.0, 8.16.0, 8.17.0, 8.18.0, and 8.20.0) included…
A critical vulnerability in the Cursor IDE, tracked as CVE-2026-26268, has been disclosed, allowing arbitrary code execution (RCE) on developers' machines. The flaw arises from the interaction between Cursor's AI agent…
A study by security startup Tenzai revealed that popular vibe coding platforms produce insecure code, including critical vulnerabilities, when responding to common programming prompts. The assessment, conducted in…
Cato AI Labs disclosed two critical remote code execution (RCE) vulnerabilities in Cursor IDE, tracked as CVE-2026-50548 and CVE-2026-50549. These vulnerabilities allow attackers to exploit zero-click prompt injection,…
The Lazarus Group's HexagonalRodent faction is targeting Web3 developers using social engineering tactics, including fake job offers for high-paying remote positions and recruitment for well-known projects. These…
The Glassworm botnet, which has targeted software developers since early 2025, was taken down in a coordinated operation by CrowdStrike, Google, and the Shadowserver Foundation on May 26, 2026. This botnet utilized…
Researchers at Pillar Security discovered a critical prompt injection vulnerability in Google's Antigravity IDE, which allows for remote code execution (RCE) by exploiting insufficient input sanitization in the…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
A vulnerability named GhostApproval has been discovered in six major AI coding assistants, including Amazon Q Developer, Anthropic Claude Code, Augment, Cursor, Google Antigravity, and Windsurf. This flaw allows…
Sophos X-Ops analysts uncovered a threat actor utilizing AI technologies to develop a malware-testing framework aimed at evading endpoint detection and response (EDR) systems. The activity was detected on June 2, 2026,…