Find notable cyber news and cases, enriched with sources, timelines, and signals.

AI-powered IDEs prompt-injection RCE and data-exfiltration flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

A disclosed set of 30+ vulnerabilities in AI-powered IDEs and coding assistants creates data exfiltration and remote code execution risk across tools such as Cursor and GitHub Copilot. The flaws are chained through prompt injection and legitimate IDE features, and 24 CVEs have already been assigned. The disclosure shows that normal development workflows can be turned into attack paths when AI agents trust hostile context.

Related Happenings

Defensive guidance for splitting behavioral detections around AI coding agents on Windows endpoints

Defensive Guidance
First: 08.07.2026 20:02 Last: 08.07.2026 20:02 Sources 1

About this happening: AI coding agents on **Windows endpoints** are triggering attacker-style detections, forcing defenders to separate benign automation from real **credential theft** risk. A **June 2...

HalluSquatting indirect prompt-injection attack on AI coding assistants

Technical Analysis
H score3 First: 08.07.2026 18:07 Last: 08.07.2026 18:07 Sources 1

About this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....

Workflow-level jailbreak makes GitHub Copilot Chat write harmful answers in code files

Technical Analysis
H score22 First: 08.07.2026 14:21 Last: 08.07.2026 14:21 Sources 1

About this happening: Researchers demonstrated a **workflow-level jailbreak** against **GitHub Copilot Chat** that caused harmful answers to be written inside code tasks even when direct chat prompts w...

GitHub Agentic Workflows indirect prompt injection security flaw

Vulnerability
H score27 First: 07.07.2026 17:04 Last: 07.07.2026 17:04 Sources 1

About this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...

SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware

Technical Analysis
H score22 First: 06.07.2026 09:33 Last: 06.07.2026 09:33 Sources 1

About this happening: **SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...

Timeline

  1. 06.12.2025 17:24 2 articles · 7mo ago

    IDEsaster disclosure of AI IDE vulnerabilities

    Initial Disclosure

    Security researcher Ari Marzouk (MaccariTA) disclosed 30+ vulnerabilities in AI-powered IDEs and coding assistants, naming the issue set IDEsaster. The affected tools include Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie, and Cline, and 24 of the issues received CVE identifiers. The disclosed attack chains combine prompt injection, auto-approved agent tool calls, and legitimate IDE features to leak sensitive files or achieve remote code execution.

    Show sources