Code Editors | Breaking Cybersecurity News | The Hacker News

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the program. The issue stems from the fact that an out-of-the-box security setting is disabled by default, opening the door for attackers to run arbitrary code on users' computers with their privileges. "Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: 'folderOpen' auto-execute the moment a developer browses a project," Oasis Security said in an analysis. "A malicious .vscode/tasks.json turns a casual 'open folder' into silent code execution in the user's context." Cursor is an AI-powered fork of Visual Studio Code, which supports a feature called Workspace Trust to allow developers to safely browse and edit code regardless of where it came from or who wrote it. With this option disab...

Whether you're a developer, designer or a writer, a good text editor always help you save time and make you work more efficiently. For example, I use Sublime a lot while programming because it includes some useful tools like 'syntax highlighting' and 'autocomplete' that every advanced text editor should have. Moreover, these advanced text editors also offer users extensibility, allowing users to install and run third-party plugins to extend the editor's functionality and most importantly its scope. However, it's a known fact that third-party plugins always pose a significant risk of hacking, whether it's about WordPress plugins or Windows' extensions for Chrome , Firefox or Photoshop. SafeBreach researcher Dor Azouri analyzed several popular extensible text editors for Unix and Linux systems, including Sublime, Vim, Emacs, Gedit, and pico/nano, and found that except for pico/nano, all of them are vulnerable to a critical privilege escala...