Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories - The Hacker News
A security flaw in the Cursor AI code editor, a Visual Studio Code fork, allows for silent arbitrary code execution when a maliciously crafted repository is opened. This vulnerability stems from "Workspace Trust" being disabled by default, enabling tasks configured in `.vscode/tasks.json` to auto-execute and posing a significant supply chain risk.
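A pre-open check for the auto-executing tasks described above, as an added example that is not code from the original report or from Cursor. It assumes the auto-run trigger is VS Code's documented `runOptions.runOn: "folderOpen"` task setting (not named on this page); the function names and the sample file are constructed for illustration.

```python
import json
import re
from pathlib import Path

# tasks.json is JSON-with-comments: match strings first so "//" inside them survives.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)
# A string (kept as-is) or a trailing comma before } or ] (dropped).
_TRAILING = re.compile(r'"(?:\\.|[^"\\])*"|,(\s*[}\]])')

# Constructed sample, not taken from a real repository.
SAMPLE = """{
  // constructed sample
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "make"},
    {"label": "prepare", "type": "shell", "command": "echo placeholder",
     "runOptions": {"runOn": "folderOpen"},},
  ]
}"""

def parse_jsonc(text):
    """Parse VS Code style JSON (comments and trailing commas allowed)."""
    text = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    text = _TRAILING.sub(lambda m: m.group(1) or m.group(0), text)
    return json.loads(text)

def autorun_tasks(tasks_json_text):
    """Return (label, command) for each task set to run when the folder opens."""
    try:
        doc = parse_jsonc(tasks_json_text)
    except json.JSONDecodeError:
        # Fail closed: an unparseable file is reported so a human reviews it.
        return [("<unparseable tasks.json>", "")]
    tasks = doc.get("tasks") if isinstance(doc, dict) else None
    hits = []
    for task in tasks if isinstance(tasks, list) else []:
        opts = task.get("runOptions") if isinstance(task, dict) else None
        if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
            hits.append((task.get("label", "<unlabelled>"), str(task.get("command", ""))))
    return hits

def scan_repo(repo_root):
    """Check a cloned repository before opening it in the editor."""
    path = Path(repo_root) / ".vscode" / "tasks.json"
    if not path.is_file():
        return []
    return autorun_tasks(path.read_text(encoding="utf-8", errors="replace"))

if __name__ == "__main__":
    print(autorun_tasks(SAMPLE))
```

Run `scan_repo` on a fresh clone from a terminal before opening the folder in the editor; any returned task should be read by hand first.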