Cursor Glitch Opens Door to Credential Theft

By Staff Writer, November 17, 2025

Essential Insights

  1. Insecurity in Cursor: The AI-powered developer environment, Cursor, has a critical flaw that enables attackers to inject malicious JavaScript, compromising user credentials and posing risks to the software development supply chain.

  2. Lack of Integrity Checks: Unlike other coding platforms like Visual Studio Code, Cursor fails to implement essential integrity checks, making it a more vulnerable target for tampering, as discovered by cybersecurity researchers at Knostic.

  3. Privileged Access Exploitation: Through the use of a malicious Model Context Protocol (MCP) server, researchers demonstrated how attackers could gain privileged access, modify runtime components, and execute arbitrary code within Cursor.

  4. Mitigation Recommendations: Developers are advised to thoroughly review all MCPs and extensions, avoid auto-run modes, and closely scrutinize AI-generated code to mitigate the inherent risks associated with using AI-assisted development tools.

An inherent insecurity in the increasingly popular artificial intelligence (AI)-powered developer environment Cursor allows attackers to take over its browser to deliver credential-stealing attacks. The flaw allows for JavaScript injection to circumvent Cursor’s own controls, and demonstrates a threat to the overall agentic AI-assisted developer ecosystem.

Researchers at cybersecurity vendor Knostic discovered the attack vector, which exploits Cursor’s failure to perform integrity checks on features specific to the development environment, according to a recent blog post. Other coding environments, such as Visual Studio (VS) Code, perform these checks and, thus, add a security layer the Cursor AI environment doesn’t have.

“That difference makes Cursor’s runtime components a higher-risk target for tampering,” Knostic researcher Dor Munis wrote in the post. Indeed, researchers have discovered various weaknesses and flaws in these emerging AI-assisted developer tools that pose new threats to the software development supply chain.

Knostic demonstrated Cursor’s insecurity in an attack that replaced the login pages within Cursor’s internal browser with a page that harvests credentials and sends users to a remote attacker. The researchers also showed how an attacker can compromise a victim’s workstation.

MCP Server Used for Exploitation 

Knostic abused a model context protocol (MCP) server to take advantage of the weakness, giving the attacker in this scenario privileged access to the environment. MCPs are programs that use standard protocol interfaces to expose specific capabilities to AI applications.

“Since MCP servers also require broad permissions to function, it can be catastrophic when MCP servers are abused: components can modify themselves, escalate privileges, and gain new capabilities without user visibility,” Munis wrote.

To exploit the insecurity they found in Cursor, the researchers first created a proof of concept of a malicious MCP server, then implemented a script that modifies unverified code when an MCP server is registered. “This allowed us to inject arbitrary code and hijack the internal browser,” Munis explained.

The researchers accomplished this by finding Cursor’s extension within the local extensions directory, which required no permission or checksum recalculation in product.json, he said. They then assigned document.body.innerHTML = [HTML_PAYLOAD], which overwrote the entire page body and bypassed UI-level checks. “This ensured the attacker-controlled content was what the user saw,” Munis wrote.

In the next attack stage, the researchers searched for the browser-tab-id and replaced it with a payload that executed a command in Cursor to run JavaScript inside the embedded browser. From that point on, every browser tab Cursor opened executed the malicious code, Munis said.
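
Because the editor does not verify its own extension files, a defender can supply that check externally. The following is an added example, not code from Knostic, Cursor or VS Code: it records a SHA-256 baseline of an extensions directory and later reports modified, added and removed files, flagging changed files that contain the document.body.innerHTML overwrite quoted above. The manifest format, function names and marker list are assumptions made for this illustration.

```python
import hashlib
import json
import os
import sys
from pathlib import Path

# Assumption: the DOM overwrite quoted in the article is worth flagging in changed files.
MARKERS = (b"document.body.innerHTML",)


def digest(path: Path) -> str:
    """SHA-256 of file contents; symlinks are recorded by target, not followed."""
    if path.is_symlink():
        return "symlink:" + os.readlink(path)
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map every file under root (relative POSIX path) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): digest(p)
            for p in sorted(root.rglob("*")) if p.is_symlink() or p.is_file()}


def verify(root, baseline: dict) -> dict:
    """Compare the tree against a trusted baseline and report drift."""
    current = build_manifest(root)
    modified = sorted(k for k in baseline.keys() & current.keys()
                      if baseline[k] != current[k])
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    flagged = [rel for rel in sorted(modified + added)
               if not current[rel].startswith("symlink:")
               and any(m in (Path(root) / rel).read_bytes() for m in MARKERS)]
    return {"modified": modified, "added": added,
            "removed": removed, "dom_overwrite": flagged}


if __name__ == "__main__":
    # Usage: check.py baseline <dir> <manifest.json> | check.py verify <dir> <manifest.json>
    mode, root, manifest = sys.argv[1:4]
    if mode == "baseline":
        Path(manifest).write_text(json.dumps(build_manifest(root), indent=2))
    else:
        report = verify(root, json.loads(Path(manifest).read_text()))
        print(json.dumps(report, indent=2))
        sys.exit(1 if any(report.values()) else 0)
```

The baseline is only as trustworthy as its storage: keep the manifest somewhere a process running as the developer cannot rewrite it, and rebuild it only after a reviewed update.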

No Flaw to Fix, But Attack Can Be Mitigated

Knostic informed Cursor that they were publishing the research, but the company emphasized that there is no flaw for Cursor developers to fix; instead, the attack demonstrates the inherent insecurity of the environment. “This is basic functionality of how [Cursor] works, but we did inform them and made sure they agree,” Knostic’s CEO and founder Gadi Evron tells Dark Reading.

The point is that Cursor itself and other AI developer tools are often inherently built in a vulnerable way, exposing the broader developer ecosystem to threats. Indeed, other security researchers also have warned that while AI-assisted development presents a modern convenience, it also introduces an entirely new attack surface.

“The new supply-chain risks associated with agents are significant, and organizations have minimal visibility into their use,” Munis wrote. “MCP servers, extensions, and even simple prompts can potentially execute code in a user’s environment, and by extension, the corporate network, without their knowledge.”

To mitigate these inherent risks, developers using these tools should triple-check every MCP and extension they add, as well as find the specific project’s GitHub repository and review the code.

“This is a program you install on your computer that can do anything,” Munis cautioned. “If there’s doubt about its credibility, DO NOT USE IT.” 

Munis also recommended that developers “never blindly enable anything, especially MCP functionality,” and avoid using auto-run modes. As a general rule when using AI agents for code generation, developers should review code before performing actions in the embedded browser rather than assuming that everything the AI agent generates is as expected, he added.

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Comments are closed.

Latest Posts

Scattered Spider Member Extradited to U.S.

July 2, 2026

Critical Vulnerability Lets Hackers Read Arbitrary Files on Cisco Catalyst Center

July 2, 2026

JADEPUFFER Ransomware Uses Base64 Python Payloads to Steal Cloud & API Keys

July 2, 2026

Browser-Only Ransomware Hacks Chrome API to Encrypt Android Photos

July 2, 2026
Don't Miss

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

Recent Posts

  • Strengthening Security Across the Microsoft Partner Ecosystem
  • Threat Intelligence Essential Against Emerging Cyber Attack Techniques
  • Google disrupts large residential proxy employed for malicious activity
  • Scattered Spider Member Extradited to U.S.
  • South Korea Denies Discrimination Allegations Against Coupang
About Us
About Us

Welcome to The CISO Brief, your trusted source for the latest news, expert insights, and developments in the cybersecurity world.

In today’s rapidly evolving digital landscape, staying informed about cyber threats, innovations, and industry trends is critical for professionals and organizations alike. At The CISO Brief, we are committed to providing timely, accurate, and insightful content that helps security leaders navigate the complexities of cybersecurity.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

Strengthening Security Across the Microsoft Partner Ecosystem

July 2, 2026

Threat Intelligence Essential Against Emerging Cyber Attack Techniques

July 2, 2026

Google disrupts large residential proxy employed for malicious activity

July 2, 2026
Most Popular

Protecting MCP Security: Defeating Prompt Injection & Tool Poisoning

January 30, 202633 Views

Unlock the Power of Free WormGPT: Harnessing DeepSeek, Gemini, and Kimi-K2 AI Models

November 27, 202530 Views

The New Face of DDoS is Impacted by AI

August 4, 202528 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025

Categories

  • Compliance
  • Cyber Updates
  • Cybercrime and Ransomware
  • Editor's pick
  • Emerging Tech
  • Events
  • Featured
  • Insights
  • Most Read
  • Threat Intelligence
  • Uncategorized
© 2026 thecisobrief. Designed by thecisobrief.
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions

Type above and press Enter to search. Press Esc to cancel.