The IDE is employed by more than half of the Fortune 500. Both RCE flaws, called “DuneSlide,” were given a 9.8 CVSS score. The security bugs are tracked as CVE-2026-50548 and CVE-2026-50549.
The bugs demonstrated how prompt injection can move beyond the LLM layer and reveal classical bugs in code paths that were earlier not thought of as part of the attack surface.
A threat actor can exploit either of these bugs to overwrite critical system files (such as cursorsandbox binary), changing sandboxed comments into unsandboxed RCE and resulting in a full system hack on both the victim device and linked SaaS workspaces.
Bugs found: Cato AI Labs found two separate, critical bugs in Cursor IDE, resulting in non-sandboxed RCEs on the victim’s system.
Arbitrary file write through prompt injection: Via zero-click prompt injection, these bugs could let a threat actor use zero-click prompt injections to write arbitrary files on the target’s local system.
Escaping sandbox and RCE: If leveraged, a threat actor can jump out of the terminal sandbox and attain a full RCE and a complete device exploit.
Zero-click attack vector: The exploit doesn’t need any prior user privileges or particular interaction. It is prompted when a target makes an “makes an innocuous prompt that inadvertently ingests a threat actor-controlled payload from an untrusted source, such as an MCP server or a web search result,” Cato AI Labs reported.
The first bug surfaces from how the sandbox creates its security boundaries based on tool parameters. If a sandbox command is executed, Cursor creates a seatbelt policy that allows writing into the present working directory.
This means that a remote hacker cannot command the working directory of a sandboxed operation because coding agents are a unique part of software. But, in this bug, a prompt injection works as the passageway to that part of the code.
The second vulnerability is fully independent of the first and exists in Cursor’s file path resolution edge instances. It allows hackers to avoid beyond-limits write restrictions via symbolic links.
In most traditional software, an external hacker cannot remotely generate symlinks on the target's system. In this scenario, a prompt injection changed the Cursor agent to a bridgehead for non-trivial activities that end in a full system compromise.
After an investigation of the breach, the organization discovered that between March and April, the hacker accessed files carrying personal data of employees.
It is a Japanese industrial manufacturer famous for its construction and agricultural work. Kubota has plants in 120 counties and currently employs over 52,000 people. Kubota has an annual revenue of $20 billion.
The North American division consists of facilities that make utility vehicles, tractors, and mowers.
“We discovered that files maintained by our human resources team were accessed as part of this incident. We carefully reviewed these files, and on June 16, 2026, we determined that one or more files may have contained personal information related to certain employees and their dependents,” Kubota reported on its site.
As per the announcement posted on the Kubota USA portal, the following employee information may have been revealed:
The specific data that was exposed varies per person. Kubota also started sending personalised mails to inform the individuals about the exact impact on them.
The notification information consists step by step instructions for using Kroll identity protection to help the targets address the threats coming from the leak of their personal data.
Kubota has specially advised people to look out for bank accounts and healthcare related statements and promptly report any malicious activity to the concerned authorities.
Kubot has implemented robust security measures to avoid such incidents from happening in the future.
No cybercrime gangs, data extortion gangs, or ransomware gangs have claimed responsibility for the Kubota breach.
Kubota did not report any operational or business disruptions due to the breach.
On ensuring employee safety, Kubota said, “We take the privacy and confidentiality of our employees’ information very seriously. To help prevent something like this from happening again, we have taken and will continue to take steps to further enhance our existing security measures.”
Addressing the incident, a company spokesperson told BleepingComputer, "A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems," adding, "Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected."
Tata Electronics, a subsidiary of the Tata Group, specializes in semiconductor production and electronic component manufacturing. Established in 2020, the company has rapidly expanded its footprint in India's technology manufacturing sector and is currently involved in the production and assembly of Apple iPhones and related components.
While the company has not identified the threat actor behind the attack, its statement follows claims made by the World Leaks cybercrime group, which allegedly published data stolen from Tata Electronics.
According to reports, the leaked material includes folders and documents that purportedly contain manufacturing-related information linked to Apple products. The exposed files are said to feature internal component schematics, printed circuit board (PCB) designs, material specifications, and software development kit (SDK) files.
BleepingComputer has reportedly reached out to Apple for clarification regarding the alleged exposure of proprietary information but has not yet received a response.
World Leaks is widely believed to be the successor to the Hunters International ransomware operation, which ceased activities in July 2025. Unlike its predecessor, which encrypted victims' systems, World Leaks focuses solely on data theft and extortion, threatening to release stolen information publicly unless demands are met.
The group has previously been linked to attacks on several major organizations. Among its notable victims are Dell, which confirmed a cybersecurity breach in July 2025, and Nike, which initiated an investigation after cybercriminals claimed to have stolen 1.4 terabytes of company data in January 2026.
Recently, CySecurity reported that threat actors were using digital advertising data to attack US soldiers in war zones. The US law enforcement recently warned about the “anti-tech” extremism because the AI criticism was growing in the country.
What happens in a typical Distributed Denial-of-Service (DDoS) attack. A website that suddenly stops? Time out of a login page? Not being able to reach an online service when you need it the most? These causes are not internal, and are attributed to DDoS attacks.
Cloudflare reported stopping a 7.3 Tb/s attack last year and said it addressed a 31.4 Tb/s attack in its Q4 2025 DDoS report. According to Microsoft, Azure also blocked a 15.72 Tb/s attack last year in October. The activity was linked to the Aisuru botnet.
For all these instances, dark web actors are fighting over the same buyers with pitches. Flare experts analyzed dark web operations and detailed API access, reseller options, botnet-based capacity, monthly plans, Cloudflare bypass claims, and game-server tactics.
A comparative analysis of the DDoS-related dark web operations from the first five months of 2023 and the first five months of 2026 demonstrate how rapidly that offer has evolved. Scripts, tutorials, leaked tools, and sporadic forum posts used to be more common, but these days they are more typically provided as recurring products that are simpler to purchase and use.
A DDoS attack tries to crowd an application, network, server, or website with traffic from various servers at one time. Few attacks are aimed at network capacity, while the remaining emphasize on application layer resources like APIs and login pages. The aim is to dismantle any service or activity and make it unavailable, expensive to use, or unstable.
DDoS-as-a-service removes the barrier even further, a hacker can choose a victim, pay for accessing a web panel, select timeline, and depend on another person’s botnet, third-party attack infrastructure, or proxy network.
A hosting company that employs Magic Transit to protect their IP network and is a Cloudflare user was the target of the attack. According to Cloudflare’s recent DDoS threat assessment, DDoS attacks are increasingly targeting hosting providers and vital Internet infrastructure.
An assault campaign from January and February of 2025 that launched over 13.5 million DDoS attacks on Cloudflare's hosting providers and infrastructure was detailed by the experts on their blog.