December 6, 2025 // Vulnerability | #Prompt Injection #Remote Code Execution #AI IDEs

Researcher Uncovers 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks - The Hacker News

Security researcher Ari Marzouk disclosed "IDEsaster," a collection of over 30 vulnerabilities, with 24 assigned CVEs, affecting various AI-powered Integrated Development Environments (IDEs) such as GitHub Copilot and Cursor. These flaws enable attackers to chain prompt injection techniques with legitimate IDE features and auto-approved AI agent tool calls to achieve sensitive data exfiltration and remote code execution (RCE).

