A critical vulnerability allowing attackers to inject malicious code into Cursor’s embedded browser through compromised MCP (Model Context Protocol) servers. Unlike VS Code, Cursor lacks integrity verification on its proprietary features, making it a prime target for tampering. The attack begins when a user downloads and registers a malicious MCP server through Cursor’s configuration file.
The post Hackers Use Rogue MCP Server to Inject Malicious Code and Control the Cursor’s Built-in Browser appeared first on Cyber Security News. Read More
Posted inNews