Cursor IDE autorun flaw allows malicious code execution
Summary
A vulnerability in the Cursor AI-powered Integrated Development Environment (IDE) allows automatic execution of tasks in malicious repositories upon opening. This flaw can be exploited to drop malware, hijack developer environments, or steal credentials and API tokens. The issue arises from Cursor disabling the Workspace Trust feature from Visual Studio Code (VS Code), which blocks automatic execution of tasks without explicit consent. This default behavior can be exploited by adding a malicious .vscode/tasks.json file in a publicly shared repository. The flaw affects Cursor's one million users who generate over a billion lines of code daily. The flaw can be exploited to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply-chain attacks. Cursor has decided not to fix the issue, citing the need to maintain AI and other features that depend on the autorun behavior. Users are advised to enable Workspace Trust manually or use a basic text editor for unknown projects.
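The audit step recommended above can be done without opening the folder in an IDE. The following is an added example, not code from Oasis Security or the cited articles: it scans a checked-out repository for `.vscode/tasks.json` tasks whose `runOptions.runOn` is `folderOpen`, the VS Code task option that starts a task when the folder is opened. The function names and the sample task file are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

_STRING = r'"(?:\\.|[^"\\])*"'  # matched first so comment markers inside strings survive

def _drop(pattern, text):
    """Delete matches of `pattern` that lie outside JSON string literals."""
    keep = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    return re.sub(_STRING + "|" + pattern, keep, text, flags=re.S)

def parse_jsonc(text):
    """Parse JSON with comments and trailing commas, which tasks.json may contain."""
    text = _drop(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_drop(r",(?=\s*[}\]])", text))

def autorun_tasks(repo):
    """List tasks in any .vscode/tasks.json under `repo` that run on folder open."""
    findings = []
    for path in sorted(Path(repo).rglob("tasks.json")):
        if path.parent.name != ".vscode":
            continue
        try:
            doc = parse_jsonc(path.read_text(encoding="utf-8", errors="replace"))
        except ValueError as exc:  # unparseable: flag for manual review
            findings.append({"file": str(path), "label": None,
                             "command": None, "error": str(exc)})
            continue
        tasks = doc.get("tasks") if isinstance(doc, dict) else None
        for task in tasks if isinstance(tasks, list) else []:
            opts = task.get("runOptions") if isinstance(task, dict) else None
            if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                findings.append({"file": str(path), "label": task.get("label"),
                                 "command": task.get("command"), "error": None})
    return findings

# Constructed sample: one ordinary task and one that runs on folder open.
SAMPLE_TASKS = """{
  // "//" inside a string below must not be treated as a comment
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "make // all"},
    {"label": "prepare", "type": "shell", "command": "echo constructed-sample",
     "runOptions": {"runOn": "folderOpen"}, /* trailing comma */ },
  ]
}"""

def demo():
    """Write the sample into a throwaway repo layout and audit it."""
    with tempfile.TemporaryDirectory() as repo:
        vscode = Path(repo, ".vscode")
        vscode.mkdir()
        (vscode / "tasks.json").write_text(SAMPLE_TASKS, encoding="utf-8")
        return autorun_tasks(repo)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```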
Timeline
10.09.2025 18:46 · 2 articles
Cursor IDE autorun flaw disclosed
The flaw can be exploited to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply-chain attacks. Oasis Security provided a detailed analysis of the flaw, explaining how disabling Workspace Trust allows automatic execution of tasks upon opening a project folder. Users are advised to enable Workspace Trust in Cursor, open untrusted repositories in a different code editor, and audit them before opening them in Cursor.
- Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
- Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
Information Snippets
- Cursor IDE is a fork of Visual Studio Code with deep integration of AI assistants like GPT-4 and Claude.
  First reported: 10.09.2025 18:46 · 2 sources, 2 articles
  - Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- The flaw in Cursor IDE arises from disabling the Workspace Trust feature, which blocks automatic execution of tasks.
  First reported: 10.09.2025 18:46 · 2 sources, 2 articles
  - Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Malicious actors can exploit the flaw by adding a .vscode/tasks.json file in a publicly shared repository.
  First reported: 10.09.2025 18:46 · 2 sources, 2 articles
  - Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- The vulnerability can lead to malware execution, environment hijacking, or credential theft.
  First reported: 10.09.2025 18:46 · 2 sources, 2 articles
  - Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Cursor IDE has one million users generating over a billion lines of code daily.
  First reported: 10.09.2025 18:46 · 2 sources, 2 articles
  - Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Cursor decided not to fix the issue, recommending users enable Workspace Trust manually or use a basic text editor for unknown projects.
  First reported: 10.09.2025 18:46 · 2 sources, 2 articles
  - Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Oasis Security provided a proof-of-concept demonstrating the execution of a shell command to send the current user's name upon opening a project folder in Cursor.
  First reported: 10.09.2025 18:46 · 1 source, 1 article
  - Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
- Potential impacts include stealing sensitive data, establishing C2 connections, or creating supply-chain attack vectors.
  First reported: 10.09.2025 18:46 · 2 sources, 2 articles
  - Cursor AI editor lets repos “autorun” malicious code on devices — www.bleepingcomputer.com — 10.09.2025 18:46
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Oasis Security provided a detailed analysis of the flaw, explaining how disabling Workspace Trust allows automatic execution of tasks upon opening a project folder.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- The flaw can be exploited to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Users are advised to enable Workspace Trust in Cursor, open untrusted repositories in a different code editor, and audit them before opening them in Cursor.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Prompt injections and jailbreaks have emerged as a stealthy and systemic threat plaguing AI-powered coding and reasoning agents, allowing threat actors to embed malicious instructions in sneaky ways to trick the systems into performing malicious actions or leaking data from software development environments.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Anthropic's automated security reviews in Claude Code could inadvertently expose projects to security risks, including instructing it to ignore vulnerable code through prompt injections, causing developers to push malicious or insecure code past security reviews.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- The AI inspection process in Claude Code generates and executes test cases, which could lead to a scenario where malicious code is run against production databases if Claude Code isn't properly sandboxed.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Claude's new file creation and editing feature carries prompt injection risks due to it running in a sandboxed computing environment with limited internet access.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Bad actors can add instructions via external files or websites, tricking the chatbot into downloading and running untrusted code or reading sensitive data from a knowledge source connected via the Model Context Protocol (MCP).
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Browser-using AI models like Claude for Chrome can face prompt injection attacks, and several defenses have been implemented to address the threat and reduce the attack success rate.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- New forms of prompt injection attacks are constantly being developed by malicious actors, and real-world examples of unsafe behavior and new attack patterns are being used to teach models to recognize the attacks.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- AI-driven development tools have been found susceptible to traditional security vulnerabilities, broadening the attack surface with potential real-world impact.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- A WebSocket authentication bypass in Claude Code IDE extensions (CVE-2025-52882, CVSS score: 8.8) could have allowed an attacker to connect to a victim's unauthenticated local WebSocket server, enabling remote command execution.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- An SQL injection vulnerability in the Postgres MCP server could have allowed an attacker to bypass the read-only restriction and execute arbitrary SQL statements.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- A path traversal vulnerability in Microsoft NLWeb could have allowed a remote attacker to read sensitive files, including system configurations and cloud credentials, using a specially crafted URL.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- An incorrect authorization vulnerability in Lovable (CVE-2025-48757, CVSS score: 9.3) could have allowed remote unauthenticated attackers to read or write to arbitrary database tables of generated sites.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- Open redirect, stored cross-site scripting (XSS), and sensitive data leakage vulnerabilities in Base44 could have allowed attackers to access the victim's apps and development workspace, harvest API keys, inject malicious logic into user-generated applications, and exfiltrate data.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
- A vulnerability in Ollama Desktop arising as a result of incomplete cross-origin controls could have allowed an attacker to stage a drive-by attack, where visiting a malicious website can reconfigure the application's settings to intercept chats and even alter responses using poisoned models.
  First reported: 12.09.2025 07:49 · 1 source, 1 article
  - Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories — thehackernews.com — 12.09.2025 07:49
Similar Happenings
Senator Wyden calls for FTC probe into Microsoft's alleged ransomware-related cybersecurity negligence
U.S. Senator Ron Wyden has called for an FTC investigation into Microsoft's alleged cybersecurity negligence, which he claims enabled ransomware attacks on U.S. critical infrastructure, including healthcare networks. The call follows a ransomware attack on Ascension, a healthcare system, which resulted in the theft of personal and medical information of nearly 5.6 million individuals. The attack was attributed to the Black Basta ransomware group and exploited insecure default settings in Microsoft software. The breach occurred in May 2024 when a contractor clicked on a malicious Bing Search result in Microsoft Edge, leading to a Kerberoasting attack. Attackers used Kerberoasting to extract encrypted service account credentials from Active Directory, leveraging the vulnerabilities in RC4. Wyden's letter to the FTC highlights Microsoft's continued support for RC4, an outdated encryption standard, and its failure to enforce secure password policies for privileged accounts. Microsoft has acknowledged the issues and plans to deprecate RC4 in future updates, but Wyden argues that these measures are insufficient to protect against ongoing threats.
Microsoft September 2025 Patch Tuesday addresses 81 vulnerabilities, including two zero-days
Microsoft's September 2025 Patch Tuesday addresses 80 vulnerabilities, including one publicly disclosed flaw and eight critical vulnerabilities. The updates fix a range of issues, including privilege escalation, remote code execution, information disclosure, and denial-of-service vulnerabilities. The patches also cover a critical flaw in Azure Networking and address a new lateral movement technique dubbed BitLockMove. Additionally, security updates have been released by multiple vendors, including Adobe, Cisco, Google, and others. The September 2025 update includes 38 elevation of privilege (EoP) vulnerabilities. The two zero-day vulnerabilities are CVE-2025-55234 in Windows SMB Server and CVE-2024-21907 in Microsoft SQL Server. The SMB vulnerability is exploited through relay attacks, while the SQL Server flaw involves improper handling of exceptional conditions in Newtonsoft.Json. The updates also include hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing to assess compatibility issues. The KB5065429 cumulative update for Windows 10 22H2 and 21H2 includes fourteen fixes or changes, addressing unexpected UAC prompts and severe lag and stuttering issues with NDI streaming software. The update enables auditing SMB client compatibility for SMB Server signing and SMB Server EPA, and includes an opt-in feature for administrators to allow outbound network traffic from Windows 10 devices. CVE-2025-55234 is an elevation of privilege vulnerability with a CVSS score of 8.8. CVE-2025-54918 in Windows NT LAN Manager (NTLM) is marked as critical and has a CVSS score of 8.8. CVE-2025-54111 and CVE-2025-54913 are EoP vulnerabilities in Windows UI XAML. CVE-2025-55232 in the Microsoft High Performance Compute (HPC) Pack has a CVSS score of 9.8.
CVE-2025-54916 in Windows NTFS has a CVSS score of 7.8 and can be exploited through SMB or local parsing routines. Microsoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. The update improves the servicing stack, updating Windows 10 22H2 systems to build 19045.6396. The update includes fixes and quality improvements from the KB5065429 cumulative update, enabling support for IT administrators to deploy hardening measures for SMB. The update addresses an issue causing non-admin users to receive unexpected User Account Control (UAC) prompts and fixes delays or uneven audio and video performance issues with Network Device Interface (NDI) streaming. Microsoft will stop providing security updates for Windows 10 after October 14, 2025, and the Extended Security Updates (ESU) program is available for Windows 10 users to delay the switch to Windows 11. Individual customers in the European Economic Area (EEA) can enroll in the ESU program for free.
Critical SessionReaper flaw in Adobe Commerce and Magento Open Source patched
Adobe has patched a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms, dubbed SessionReaper. The flaw, with a CVSS score of 9.1, allows unauthenticated attackers to take control of customer accounts through the Commerce REST API. The patch was released on September 9, 2025, following an emergency notification to selected customers on September 4, 2025. No exploitation in the wild has been reported, but a hotfix leak may have provided threat actors with an advantage. Adobe Commerce on Cloud customers are already protected by a WAF rule. The patch disables certain internal Magento functionalities, potentially affecting custom or external code. The vulnerability impacts multiple versions of Adobe Commerce, Adobe Commerce B2B, and Magento Open Source, as well as the Custom Attributes Serializable module.
Critical vulnerabilities in SAP NetWeaver and related products addressed
SAP has released security updates addressing multiple vulnerabilities, including three critical flaws in NetWeaver and a high-severity issue in S/4HANA. The most severe, CVE-2025-42944, allows unauthenticated attackers to execute arbitrary OS commands via an insecure deserialization vulnerability in the RMI-P4 module. The second critical flaw, CVE-2025-42922, enables authenticated attackers to upload arbitrary files, potentially leading to full system compromise. The third critical vulnerability, CVE-2025-42958, allows unauthorized high-privileged users to access sensitive data and administrative functions. Additionally, a high-severity missing input validation bug in SAP S/4HANA (CVE-2025-42916) was patched, which could permit attackers to delete the content of arbitrary database tables. These vulnerabilities affect SAP NetWeaver, the foundation for various business applications like ERP, CRM, SRM, and SCM, widely deployed in large enterprise networks. The RMI-P4 port, used for internal SAP-to-SAP communication, may be exposed to wider networks due to misconfigurations. SAP products are frequent targets for high-value compromises due to their handling of mission-critical data. Earlier this month, a critical code injection vulnerability (CVE-2025-42957) was exploited in S/4HANA, Business One, and NetWeaver products. SAP has also updated security notes for other high-severity vulnerabilities in Business One, Landscape Transformation Replication Server, and S/4HANA.
GhostAction GitHub supply chain attack steals 3,325 secrets
The GhostAction supply chain attack compromised 3,325 secrets from GitHub repositories. The attack, discovered by GitGuardian on September 2, 2025, involved malicious commits to GitHub Actions workflows that exfiltrated secrets to an external domain. The first signs of compromise were detected in the FastUUID project. The attack affected at least 817 repositories and targeted multiple package ecosystems, including PyPI, npm, DockerHub, and AWS keys. The exfiltration endpoint was taken down shortly after the campaign's discovery. The compromised secrets included PyPI tokens, npm tokens, DockerHub tokens, GitHub tokens, Cloudflare API tokens, AWS access keys, and database credentials. The attack impacted at least nine npm and 15 PyPI packages, potentially allowing for the release of malicious or trojanized versions. The Python Software Foundation invalidated all PyPI tokens stolen in the attack, confirming that the threat actors did not abuse them to publish malware. GitGuardian notified the security teams of GitHub, npm, and PyPI and opened issues in 573 impacted repositories. A hundred repositories had already detected and reverted the malicious changes before the full scope of the campaign was uncovered. GitGuardian notified PyPI on September 5, 2025, but the email ended up in the spam folder, delaying the response until September 10, 2025. PyPI advised maintainers to replace long-lived tokens with short-lived Trusted Publishers tokens and review their security history for any suspicious activity.