Eine Russlandreise von Abgeordneten bringt die AfD einmal mehr in die Schlagzeilen. Die Partei pflegt auf allen Ebenen hochproblematische Kontakte.

I hate hyperbolic news headlines about data breaches, but for the "2 Billion Email Addresses" headline to be hyperbolic, it'd need to be exaggerated or overstated - and it isn't. It's rounded up from ...

Die Stadtwerke Detmold sind Ziel eine Hackerangriffs geworden. Seit Sonntagnacht funktioniert das gesamte IT -System nicht mehr.

Das angekündigte Reformpaket ist da und die EU-Kommission bleibt auf Konfrontationskurs: Statt den Datenschutz zu vereinfachen, schleift sie Grundrechte. Statt europäischen Unternehmen zu helfen, komm...

Zentrum für Digitalrechte und Demokratie

Yesterday, I published on "Great AI Bubble". Today, Silicon Valley's Dr Evil dumps his stock

Sneaky2FA, a popular among cybercriminals phishing-as-a-service (PhaaS) kit, has added Browser-in-the-Browser (BitB) capabilities, giving "customers" the option to launch highly deceptive attacks.

The story of the Ghost in the Shell’s main villain the Puppet Master hinted at a future where governments use hackers for espionage, at a time when most of the world had never connected to the interne...

Die Bedrohung durch Cyberangriffe in Deutschland bleibt hoch. Hacker hätten es besonders auf die öffentliche Verwaltung abgesehen, warnt das Bundesamt für Sicherheit in der Informationstechnik in sein...

: Attackers may be joining the dots to enable unauthenticated RCE

Sales of an artificial intelligence-enabled plush toy have been suspended after it was found that it engaged in conversation around sexually explicit topics and offered potentially dangerous advice.

Welcome back to Instagram. Sign in to check out what your friends, family & interests have been capturing & sharing around the world.

AI agents and coding copilots are shaking up how — and what — developers code. But they’re also rapidly expanding the attack surface of developer machines The latest example: Security researchers have shown how a rogue Model Context Protocol (MCP) server can inject malicious code into the built-in browser feature of Cursor, a popular AI-powered code editor. “We demonstrate how a single malicious MCP server can replace login pages inside Cursor’s internal browser with an attacker-controlled page that harvests credentials and sends them to a remote attacker,” researchers from AI cybersecurity firm Knostic.ai wrote in new research shared with CSO. “We also show how that same capability allows an attacker to fully compromise the victim’s workstation.” Originally developed by Anthropic to facilitate communication between large language models (LLMs) and external data sources or applications to improve workflow context, MCP has become a key component for developing AI agents that automate tasks by leveraging external tools. The protocol uses a client-server architecture, in which applications expose functionality to LLMs through an MCP server and AI agents or applications connect to those services through an MCP client. Integrated development environments (IDEs) such as Microsoft’s Visual Studio Code — and those based on it, like Cursor and Windsurf — natively support integration with MCP servers. To enhance security, most IDE vendors maintain repositories with vetted MCP servers, but IDE users can also deploy custom servers manually. Such servers can be found all over the internet, including GitHub. Earlier this year, researchers found hundreds of MCP servers in public GitHub repositories that had dangerous misconfigurations, including default exposure to untrusted networks and OS command injection paths. Attacking Cursor and other VS Code-based IDEs Cursor is essentially a fork of VS Code with code added to turn it into an AI-assisted coding tool, whereas VS Code gets its AI capabilities through extensions. Knostic researcher Dor Munis, who developed the MCP attack against Cursor, told CSO that unlike VS Code, which performs integrity checks of its own files, Cursor does not. As a result, any modification of its own code will not present the user with a warning. VS Code, and by extension Cursor and other VS Code forks, is built on Electron, a framework used to develop cross-platform applications with Node.js and the Blink browser engine from Chrome. Because of this, these applications employ a JavaScript interpreter. As IDEs, they also have file system access and elevated permissions to perform tasks. Knostic researchers recently published a proof-of-concept attack against Cursor implemented through a malicious extension that injected malicious JavaScript into the running IDE to execute actions and manipulate its user interface. Malicious extensions have also been found in the VSCode Marketplace and the OpenVSX registry, which Cursor also uses, including a self-propagating worm that harvests credentials from developer machines. Knostic’s newly unveiled attack is similar in concept, but delivered via a malicious MCP server, it expands the attack surface beyond extensions. “An MCP server should be treated exactly like VS Code extensions in terms of security,” Munis said. That’s because MCP servers are essentially downloaded to run on your computer, and inherit the permissions of the IDE you use, he explained. In his proof-of-concept attack, Munis shows that an MCP server can inject JavaScript code into the built-in browser that Cursor recently added to allow developers to visually test changes to their application code and to allow Cursor’s AI agent to automatically perform tasks that require browsing. Using this technique, Munis replaced the browser’s actively displayed page with a log-in prompt, like in a phishing scenario, but without the URL ever changing — in other words, injected code’s changes happen on the fly. Of course, the impact of such an attack would depend on what the victim is doing in the browser. Developers might be displaying sensitive data from the web app they’re working on, or they might be logged into a service. It’s worth noting that the internal browser saves authentication cookies for the session and those could also be targeted. The attack was developed to prove successful JavaScript code injection via an MCP server, but just like with the extension attack, it could be expanded to perform other malicious actions inside the Cursor IDE itself. Defenses Organizations must review and control, both through policy and access controls, the IDE extensions and MCP servers their developers use. They should do this just like they should be vetting application dependencies from package registries such as npm or PyPI to prevent the compromise of developer machines or inheriting vulnerabilities in their code. Attackers are increasingly using VS Code extensions as an attack vector to target developers and it’s only a matter of time before they’ll start abusing MCP servers more widely. “Try to find the project’s GitHub repo and review the code,” the Knostic team advised. “This is a program you install on your computer that can do anything. If there’s doubt about its credibility, DO NOT USE IT.” Using auto-run modes, in which agents are allowed to perform tasks automatically inside the IDE without a human approving the steps, also known as YOLO mode, should also be avoided. “Never blindly enable anything, especially MCP functionality,” the team warned. “Don’t assume that everything your AI agent generated is as you expected. Read through the code before you perform actions in the embedded browser.” In its MCP documentation, Cursor itself warns developers to: * Verify an MCP server’s source and only install from trusted developers and repositories * Check what data and APIs the server is supposed to access * Use API keys with restricted permissions * Audit the server’s code for critical integrations

Three prominent investors with almost nothing in common are dumping their shares of Nvidia, the computer chip juggernaut that went from relative obscurity to the world’s first $5 trillion valuation in...

Under the proposal, the EU would weaken data protection rules by delaying when regulations governing high-risk AI systems take effect and allowing companies to use personal data for AI training without prior consent from users in most circumstances.

An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation.

Analyse zu Julia Klöckner: Eine datenbasierte Recherche zu ihren Social-Media-Posts, politischen Signalen und ihrer Rolle in der CDU.

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware carte...