Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution. The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak. […]
Author Archives: Onsite Computing, Inc.
The biggest security threats aren’t always the ones banging on the front door. A recently uncovered flaw shows that hackers can abuse a Microsoft 365 feature to send malicious emails that appear to originate from inside your company. Because they look like internal mail, they often bypass traditional security filters, making them particularly dangerous. The […]
We all know to be careful of suspicious emails from strangers. But what happens when a scam email looks like it was sent by your own colleague? A newly discovered scam allows hackers to become imposters within your organization’s email system, making it harder than ever to tell what’s real and what’s a trap. The […]
Many people are getting better at spotting phishing attacks from outside sources. But what if the attack appears to come from within your own company? A recently discovered vulnerability in Microsoft 365 is being used to bypass traditional security, making it easier than ever for hackers to send you convincing fake emails that slip past […]
Security debt ahoy: only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time. Author: Robert Lemos, Contributing Writer
By creating a safe environment for open discussion, prioritizing human context alongside technical data, and involving diverse stakeholders, organizations can turn security incidents into accelerators of resilience. Author: Pritesh Parekh
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. “The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign,” Proofpoint said in a Thursday report. The
What if malware didn’t require an operating system to function? How would anyone possibly notice, let alone disable it? Author: Nate Nelson, Contributing Writer
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges. […] Author: Ionut Ilascu



