A high-severity access-control vulnerability (CVSS 8.2) in Cursor, a widely used AI-powered coding environment. The flaw uncovered by LayerX has allowed any installed extension to access a developer’s API keys and session tokens secretly. This results in total credential compromise without triggering any alerts or requiring user interaction. Unlike secure applications that store sensitive secrets […] The post Cursor AI Extension Access Developer Tokens Leads to Full Credential Compromise appeared first on Cyber Security News.