Cursor\u2019s AI coding agent morphed \u2018into local shell\u2019 with one-line prompt attack | CyberScoop<\/title> <meta name=\"description\" content=\"The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cursor-ai-prompt-injection-attack-remote-code-privileges-aimlabs\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Cursor\u2019s AI coding agent morphed \u2018into local shell\u2019 with one-line prompt attack\"> <meta property=\"og:description\" content=\"The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cursor-ai-prompt-injection-attack-remote-code-privileges-aimlabs\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-08-01T19:51:02+00:00\"> <meta property=\"article:modified_time\" content=\"2025-08-01T19:51:05+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=1024,725\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"725\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1752617955g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1750115417g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/85422\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=85422\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcursor-ai-prompt-injection-attack-remote-code-privileges-aimlabs%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcursor-ai-prompt-injection-attack-remote-code-privileges-aimlabs%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-85422 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cursor-ai-prompt-injection-attack-remote-code-privileges-aimlabs\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.390134529148\">\n<div class=\"single-article__header-content\" readability=\"36.412993039443\">\n<p> The flaw, disclosed a month after it was patched, provided an attacker with remote code execution privileges by poisoning the data ingested by the model. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/85422\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"453\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack.jpg?resize=640%2C453&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"PHP\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg 2831w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=300,212 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=768,544 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=1024,725 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=1536,1088 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=2048,1450 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=600,425 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=237,168 237w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=476,337 476w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=953,675 953w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-3.jpg?resize=1190,843 1190w\" sizes=\"(max-width: 953px) 100vw, 953px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"29.83402183535\"><body readability=\"60.022640195054\"><\/p>\n<p>Threat researchers at AimLabs on Friday disclosed a data-poisoning attack affecting the AI-powered code editing software Cursor that would have given an attacker remote code execution privileges over user devices.<\/p>\n<p>According to AimLabs, the flaw was reported to Cursor on July 7 and a patch was included in an update one day later for version 1.3 of Cursor. All previous versions of the software remain \u201csusceptible to remote-code execution triggered by a single externally-hosted prompt-injection,\u201d <a href=\"https:\/\/www.aim.security\/lp\/aim-labs-curxecute-blogpost\">according to a blog post<\/a> from the company.<\/p>\n<p>The vulnerability, being tracked under CVE-2025-54135, occurs when Cursor interacts with a Model Contest Protocol (MCP) server that helps the software access a number of external tools from Slack, GitHub and other databases that are used to develop software.<\/p>\n<p>But like EchoLeak \u2014 another AI model flaw discovered by AimLabs last month \u2014 Cursor\u2019s agent can be hijacked and manipulated through malicious prompts when it fetches data from MCP servers.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Through a single line of prompting, an attacker can influence the actions of Cursor \u2014 which has developer-level privileges on host devices \u2014 in ways that are nearly silent and invisible to the user. In this case, the researchers executed their prompt injection<a href=\"https:\/\/vimeo.com\/1104084306?fl=pl&fe=vl\"> directly through Slack<\/a>, which was fetched by Cursor through a connected MCP server. This prompt altered Cursor\u2019s configuration file, causing it to add another server with a malicious start command. <\/p>\n<p>Crucially, the moment these edits are given to Cursor it executes the malicious commands immediately, before the user can reject the suggestion. <\/p>\n<p>It\u2019s a reminder that many organizations and developers are integrating AI systems into their business operations without fully understanding where it may open them up to new risks. Not only do these models routinely generate out insecure software code, but the agents themselves are suggestible to instructions from external third-parties. A single poisoned document can \u201cmorph an AI agent into a local shell.\u201d<\/p>\n<p>\u201cThe tools expose the agent to external and untrusted data, which can affect the agent\u2019s control-flow,\u201d the company wrote. \u201cThis in turn, allows attackers to hijack the agent\u2019s session and take advantage of the agent\u2019s privileges to perform on behalf of the user.\u201d<\/p>\n<p>While this vulnerability has been fixed, the researchers said this type of flaw is inextricably tied to the way most large language models operate, ingesting commands and direction in the form of external prompting. As a result, they believe it\u2019s likely that most major models will continue to be vulnerable to similar variants of the same problem.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cBecause model output steers the execution path of any AI agent, this vulnerability pattern is intrinsic and keeps resurfacing across multiple platforms,\u201d the blog concluded.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7833655705996\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"22.391011235955\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/vibe-coding-ai-cybersecurity-llm\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-2.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg 7008w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/08\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack-4.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> Research shows that AI-generated code is remarkably insecure. Yet experts tell CyberScoop it\u2019s up to industry to figure out a way to limit the issues the technology introduces. (Image Source: Getty) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"2.1410788381743\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/vibe-coding-ai-cybersecurity-llm\/\"> Vibe coding is here to stay. Can it ever be secure? <\/a> <\/h3>\n<p> Research shows that AI-generated code is remarkably insecure. Yet experts tell CyberScoop it’s up to industry to figure out a way to limit the issues the technology\u2026 <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cursor-ai-prompt-injection-attack-remote-code-privileges-aimlabs\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cursor\u2019s AI coding agent morphed \u2018into local shell\u2019 with one-line<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,78,256,4389,643],"tags":[236,86,262,4390,645],"class_list":["post-7857","post","type-post","status-publish","format-standard","hentry","category-ai","category-cybersecurity","category-research","category-vibe-coding","category-vulnerabilities","tag-ai","tag-cybersecurity","tag-research","tag-vibe-coding","tag-vulnerabilities"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vibe-coding\/\" rel=\"category tag\">vibe coding<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a>","tag_info":"vulnerabilities","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7857"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7857\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7857,"date":"2025-08-01T14:51:02","date_gmt":"2025-08-01T19:51:02","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=85422"},"modified":"2025-08-01T14:51:02","modified_gmt":"2025-08-01T19:51:02","slug":"cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/08\/01\/cursors-ai-coding-agent-morphed-into-local-shell-with-one-line-prompt-attack\/","title":{"rendered":"Cursor\u2019s AI coding agent morphed \u2018into local shell\u2019 with one-line prompt attack"},"content":{"rendered":"