Wiz researchers found that six AI coding assistants will write to your SSH keys or shell config while displaying an innocent-looking filename in the confirmation dialog. The agent knows. The dialog doesn't say.
Wiz researchers found that six AI coding assistants will write to your SSH keys or shell config while displaying an innocent-looking filename in the confirmation dialog. The agent knows. The dialog doesn't say.
Two critical vulnerabilities in Cursor IDE, CVE-2026-50548 and CVE-2026-50549 (collectively DuneSlide), allow prompt injection attacks to escape the editor's sandbox and execute arbitrary code at the OS level — with no user click required. All Cursor versions before 3.0 are affected. Cato Networks disclosed publicly on July 3, 2026.
Adversa AI tested 11 open-source AI coding agents against five Bash shell bypass classes and found 10 of them can be manipulated into running destructive commands through shell expansion tricks that their guards never see. Only Continue passed every case.
A sandbox bypass in Cursor's agentic mode lets attackers poison shell environment variables through implicitly trusted built-ins, converting approved commands like git branch or python3 into arbitrary code execution.
Microsoft attributes the Mastra AI npm supply chain attack to Sapphire Sleet, a North Korean state actor: 144 packages backdoored via a hijacked contributor account, targeting LLM API keys, cloud credentials, and cryptocurrency wallets.