All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Cursor IDE Malware Extension Compromise in $500k Crypto Heist

11mo agoen

Source

SnykCursor IDE Malware Extension Compromise in $500k Crypto Heistsnyk.io
Snippet from the RSS feed
Learn about the recent $500K crypto heist caused by a malicious "Solidity Language" extension in Cursor IDE. Understand how compromised IDE extensions and third-party registries pose significant supply chain risks for developers and the broader AI ecosystem.

You might also wanna read

Critical Cursor AI IDE Vulnerabilities Allow Remote Code Execution via Prompt Injection

Two critical vulnerabilities (CVE-2026-50548 and CVE-2026-50549) have been discovered in Cursor AI IDE, each with a CVSS score of 9.8. Named

briefly.co·5d ago

Malicious VS Code AI Extensions with 1.5M Installs Secretly Harvest Developer Codebases

Two popular VS Code AI coding extensions with 1.5 million installs have been identified as malicious, secretly harvesting developers' entire

koi.ai·5mo ago

Critical zero-click prompt injection vulnerabilities in Cursor AI code editor allow sandbox escape and remote code execution

Two critical zero-click prompt injection vulnerabilities (CVE-2026-50548 and CVE-2026-50549, collectively "DuneSlide") were discovered in Cu

undercodetesting.com·4d ago

Security Researcher Discovers Vulnerabilities in VSCode Extensions and Core Software

A security researcher details their discovery and disclosure of three vulnerabilities in VSCode extensions and one in VSCode itself (CVE-202

blog.trailofbits.com·4mo ago

Trust Wallet Chrome Extension Compromised in Supply Chain Attack, $7 Million Stolen

The Trust Wallet Chrome extension was compromised in a supply chain attack where malicious code in version 2.68 exfiltrated wallet seed phra

web3isgoinggreat.com·6mo ago

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re

aikido.dev·3mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.