An unpatched vulnerability in Cursor on Windows could allow attackers to achieve code execution via malicious repositories.
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...