This 'critical' Cursor security flaw could expose your code to malware - how to fix it
A feature that is disabled by default could leave users and their organizations vulnerable to commands that run automatically.
"This has the potential to leak sensitive credentials, modify files, or serve as a vector for broader system compromise, placing Cursor users at significant risk from supply chain attacks," Oasis wrote. Without Workspace Trust enabled, the platform will automatically run code that's in a repository, leaving the window open for bad actors to surreptitiously slip in malware that could then jeopardize a user's system and, from there, potentially spread throughout a broader network. In a statement to Oasis that was published in the report, Cursor said that its platform operates with Workspace Trust deactivated by default since it interferes with some of the core automated features that users routinely depend on.
Or read this on ZDNet