Loopsy is an open-source tool enabling cross-machine communication between AI coding agents (Claude Code, Cursor, Codex) and mobile devices via a self-hosted Cloudflare Workers relay. While designed …
Google has patched a maximum-severity (CVSS 10.0) vulnerability in its Gemini CLI tooling that allowed unauthenticated attackers to achieve remote code execution by planting malicious configuration …
A systemic 'by design' vulnerability in Anthropic's Model Context Protocol (MCP) SDK enables arbitrary remote code execution across all supported language implementations via unsafe STDIO transport …
A chained vulnerability in Cursor AI—a widely-used AI-powered code editor—allowed attackers to combine indirect prompt injection with a sandbox escape and the application's built-in remote tunnel …
Threat actors are actively exploiting internet-exposed ComfyUI instances — a popular AI image generation platform — by abusing its custom node execution feature to achieve unauthenticated remote code …