A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto ...
A high-severity vulnerability in the AI-powered development tool Cursor allows installed extensions to access sensitive credentials, exposing API keys and session tokens without any user interaction.
With "vibe coding" taking over software development with AI-driven programming and other advanced functionality, you would think the Visual Studio Code Marketplace would be flooded with new extensions ...