
Cursor tasks.json autorun proof-of-concept for shell-command execution

Technical Analysis
Happening score: 31
1 unique sources, 1 articles

Summary


A Cursor proof-of-concept shows that a malicious .vscode/tasks.json can trigger automatic shell-command execution when a project folder opens, putting developer systems at immediate risk. The behavior can expose credentials, API tokens, and local files, or let attackers plant malware and widen compromise. Because Cursor ships with VS Code's Workspace Trust feature disabled, the autorun path is enabled by default.

Related Happenings

Google Gemini CLI workspace-trust hardening update

Security Patch Release
First: 30.04.2026 10:07 Last: 30.04.2026 10:07 Sources 1

About this happening: Google released a **Gemini CLI** security update that changes **workspace-trust handling** for **headless CI workflows**, reducing the risk that untrusted folders can trigger **ho...

Cursor local SQLite secret-storage exposing credentials security flaw

Vulnerability
First: 29.04.2026 18:00 Last: 29.04.2026 18:00 Sources 1

About this happening: A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...

StoatWaffle malware distributed through malicious VS Code projects

Malware Activity
First: 23.03.2026 20:09 Last: 23.03.2026 20:09 Sources 1

About this happening: The **StoatWaffle** malware is being delivered through malicious **VS Code projects**, creating a live risk of **credential theft** and **remote command execution** on developer s...

Cursor IDE MCP deeplink code execution security flaw

Vulnerability
First: 17.03.2026 17:00 Last: 17.03.2026 17:00 Sources 1

About this happening: A **Cursor IDE** flaw in **MCP deeplinks** can let crafted installation links trigger **arbitrary commands** or install **malicious components** under some user-approval and confi...

VSCode extensions local file theft and RCE vulnerabilities (multiple vulnerabilities)

Vulnerability
First: 17.02.2026 23:27 Last: 17.02.2026 23:27 Sources 1

About this happening: **High-to-critical vulnerabilities** in popular **VSCode extensions** can expose developers to **local file theft** and **remote code execution** across software downloaded more t...

Timeline

  1. 10.09.2025 18:46 2 articles · 8mo ago

    Oasis Security discloses Cursor tasks.json autorun flaw

    Technical Analysis Update

    Oasis Security says Cursor disables Workspace Trust by default, allowing a malicious repository with a .vscode/tasks.json file to run tasks automatically when a project folder opens and execute arbitrary code in the current user's environment without explicit commands. The researchers published a proof-of-concept that executes a shell command to send the current user's name, and Cursor said it intends to keep the autorun behavior while updating its security guidance and instructions for enabling Workspace Trust.
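A pre-open check for the autorun path described above, as an added example that is not code from Oasis Security or Cursor: it lists every task in a cloned repository's .vscode/tasks.json that is set to run when the folder opens. It assumes the autorun is expressed through the VS Code task option `runOptions.runOn: "folderOpen"`, which the summary does not name; the function names and the sample file are constructed for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

_STR = r'"(?:\\.|[^"\\])*"'  # a JSON string literal, so the edits below skip its contents

def load_jsonc(text):
    """Parse tasks.json, which VS Code reads as JSON with comments and trailing commas."""
    text = re.sub(_STR + r"|//[^\n]*|/\*.*?\*/",
                  lambda m: m.group(0) if m.group(0)[0] == '"' else "", text, flags=re.S)
    text = re.sub(_STR + r"|,(\s*[}\]])",
                  lambda m: m.group(0) if m.group(0)[0] == '"' else m.group(1), text)
    return json.loads(text)

def autorun_tasks(repo_root):
    """Return (file, label, command) for each task configured to run on folder open."""
    root, findings = Path(repo_root), []
    for path in sorted(root.rglob(".vscode/tasks.json")):
        rel = path.relative_to(root).as_posix()
        try:
            doc = load_jsonc(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            # A file the scanner cannot parse is reported, not silently skipped.
            findings.append((rel, "<unparseable, review by hand>", str(exc)))
            continue
        tasks = doc.get("tasks") if isinstance(doc, dict) else None
        for task in (t for t in tasks if isinstance(t, dict)) if isinstance(tasks, list) else []:
            opts = task.get("runOptions")
            if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                findings.append((rel, str(task.get("label", "")), str(task.get("command", ""))))
    return findings

# Constructed sample with a harmless command; not the published proof-of-concept.
SAMPLE = '''{
  // constructed sample
  "version": "2.0.0",
  "tasks": [
    {"label": "prepare", "type": "shell", "command": "echo autorun // not a comment",
     "runOptions": {"runOn": "folderOpen"}},
    {"label": "build", "type": "shell", "command": "make",},
  ]
}'''

def scan_sample():
    """Write SAMPLE into a temporary 'cloned-repo' and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp, "cloned-repo", ".vscode", "tasks.json")
        cfg.parent.mkdir(parents=True)
        cfg.write_text(SAMPLE, encoding="utf-8")
        return autorun_tasks(tmp)
```

The scan covers only .vscode/tasks.json files; tasks defined elsewhere, such as in a multi-root workspace file, are outside what it checks.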
