Skip to content
SecurityProgramming

Cursor IDE Dependency Cooldown Bypass Disclosed

tldr / infosec 20h ago 6

A security researcher demonstrated that Cursor, the AI-powered code editor, can bypass dependency cooldown protections designed to prevent premature or malicious package updates. The bypass raises supply chain security concerns for developers relying on the tool, though technical details remain limited in the initial disclosure.

Read full article →

More Security

OpenAI Ships Million-Line Product Written Entirely by Codex Agents

hackernews / top 1d ago 9

OpenAI details building and shipping a full product with zero manually-written code using Codex agents, achieving roughly 10x speed and redefining engineering as steering rather than coding.

Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations

tldr / ai 20h ago 9

Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.

GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines

theregister / security 6h ago 9

GitHub disabled 70+ Microsoft repos in under two minutes after the Miasma worm infected projects via compromised commits, breaking CI/CD pipelines and triggering RCE in developer tools.