CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
Geeky Gadgets

Browser MCP and Cursor : Easily Automate Web Tasks and Online Data Collection

The Browser MCP (Model Context Protocol) server, when paired with Cursor, provides a comprehensive platform for automating browser tasks and testing web applications. By combining browser navigation, ...
Dark Reading

Cursor Issue Paves Way for Credential-Stealing Attacks

An inherent insecurity in the increasingly popular artificial intelligence (AI)-powered developer environment Cursor allows attackers to take over its browser to deliver credential-stealing attacks.
CSOonline

Misconfigured MCP servers expose AI agent systems to compromise

Hundreds of Model Context Protocol (MCP) servers used to link LLMs to third-party services, data sources, and tools include default configurations that could expose users to unauthorized OS command ...