Security researchers at LayerX have disclosed a high-severity vulnerability in the AI-powered development environment Cursor, enabling full credential compromise through malicious extensions. Tracked informally as “CursorJacking,” the flaw carries a CVSS score of 8.2 and allows any installed extension to silently extract API keys and session tokens without user interaction or elevated permissions. The issue […] The post Cursor AI Extension Token Access Flaw Could Lead to Full Credential Compromise appeared first on Cyber Security News.