DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Cursor 0day: When Full Disclosure Becomes the Only Protection Left

Quality: 8/10 Relevance: 9/10

Summary

Mindgard reports a simple yet critical Cursor 0day: when opening a project, Cursor searches for git binaries and may execute a malicious git.exe from the repo root without any user prompts, enabling arbitrary code execution. They detail vendor silence, a public disclosure timeline, and practical mitigations (AppLocker/Windows App Control; sandboxing repositories) while calling for greater accountability in coordinated security disclosures for AI-enabled development tools.

🚀 Service construit par Johan Denoyer