-->
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million
The Hacker News Logo
Get the Latest News
cybersecurity

Command Execution | Breaking Cybersecurity News | The Hacker News

Category — Command Execution
Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

7月 01, 2026 AI Coding / Vulnerability
Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them DuneSlide . They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3 under the newer CVSS 4.0 scale). The fix is already out. Both bugs are patched in Cursor 3.0, released April 2, and every version before 3.0 is affected. Cursor's maker says more than half the Fortune 500 use the tool, so if you run it, update now. What the sandbox was for, and how it broke Starting in the 2.x line, Cursor runs the terminal commands its AI agent issues inside a sandbox by default: a locked box that limits what those commands can touch, so a stray instruction cannot wreck the machine. DuneSlide is about getting out of that box. The way in is prompt injection . The attacke...
Investigating a New Click-Fix Variant

Investigating a New Click-Fix Variant

3月 13, 2026 Malware / Threat Hunting
Disclaimer : This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is intended for informational and preparedness purposes only. Read more blogs around threat intelligence and adversary research: https://atos.net/en/lp/cybershield  Summary Atos Researchers identified a new variant of the popular ClickFix technique, where attackers convince the user to execute a malicious command on their own device through the Win + R shortcut. In this variation, a “net use” command is used to map a network drive from an external server, after which a “.cmd” batch file hosted on that drive is executed. Script downloads a ZIP archive, unpacks it, and executes the legitimate WorkFlowy application with modified, malicious logic hidden inside “.asar” archive. This acts as...
Expert Insights Articles Videos
Cybersecurity Resources