News

Cursor AI editor lets repos “autorun” malicious code on devices

A weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious ...

Genkit Go 1.0: Google brings stable AI framework to the Go ecosystem

Google introduces Genkit Go 1.0 and aims to facilitate AI development in the Go programming language with type-safe flows, ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
The Hacker News

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Cursor is an AI-powered fork of Visual Studio Code, which supports a feature called Workspace Trust to allow developers to ...
The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

The malicious JavaScript code ("bundle.js") injected into each of the trojanized package is designed to download and run ...
Windows Report

Microsoft Fabric adds Extensibility toolkit, OneLake upgrades, and Azure Foundry integration

Microsoft Fabric rolls out new toolkit, OneLake enhancements, and Azure AI Foundry integration to simplify enterprise AI.

This 'critical' Cursor security flaw could expose your code to malware - how to fix it

A feature being disabled by default could leave users and their organizations vulnerable to commands that run automatically.

Xiaodao Technology's AI Repair Patent Approved, Breakthrough in Automated Repair of Prototype Pollution Vulnerabilities

Recently, Hangzhou Xiaodao Technology Co., Ltd. announced that its applied patent titled "A Method and System for Generating Automated Repair Suggestions for AI Security Vulnerabilities" (Publication ...
CSO Online

Cursor’s autorun lets hackers execute arbitrary code

By default, malicious repositories run automatically when a folder is opened, putting developer machines and sensitive ...

Microsoft drops .NET 10 RC 'go-live' with 55,000 words on why it's faster

The first release candidate of .NET 10 is out, complete with a "go-live" license, meaning that Microsoft supports production ...

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

.NET 10 Release Candidate 1: Follow-up for Entity Framework Core

Microsoft ORM Mapper learns column types Vector and JSON in Microsoft SQL Server 2025. At the same time, there is a first ...