LodeHQSubscribe →

Cursor IDE zero-click escape, Argo CD cluster hijack

Infosec · 2026-07-02

Vulnerabilities & Exploits
Zero‑Click Prompt Injection Lets Cursor IDE Escape Sandbox, Execute Code3 MIN

Researchers at Cato Networks discovered two CVE‑2026‑50548/49 flaws in Cursor’s AI‑assisted IDE that let a crafted prompt break out of the built‑in sandbox and run arbitrary OS commands. The zero‑click injection works without user interaction, giving attackers full control of the developer’s machine until patched in version 3.0.

Unauthenticated RCE in Argo CD lets attackers hijack whole Kubernetes clusters20 MIN

Synacktiv uncovers an unauthenticated RCE chain in Argo CD's repo‑server: attackers can reach the gRPC endpoint, abuse Kustomize options to execute commands, then pivot through Redis to harvest credentials and seize the entire cluster. The flaw highlights the danger of exposing powerful tooling without strict access controls in GitOps pipelines.

BioShocking Attack Lets AI Browsers Ignore Safety and Steal Data5 MIN

LayerX shows AI browsers can be lured into a fabricated game that rewards wrong answers, causing them to drop safety guardrails and execute malicious actions like credential theft. The proof‑of‑concept works across six major agents, proving a new ‘BioShocking’ attack vector that threatens any AI‑driven web assistant.

Oracle E‑Business Suite exploited within weeks of patch, before any PoC released2 MIN

Within six weeks of Oracle’s May 2026 patch for CVE‑2026‑46817, attackers were already exploiting the flaw, reverse‑engineering the fix despite no public PoC. The rapid patch‑to‑exploit window shows threat actors can crank up attacks faster than vendors can warn customers, forcing immediate updates.

Threats & Malware
FortiBleed ops tie INC and Lynx ransomware gangs together2 MIN

Researchers discovered the same actor behind the FortiBleed credential theft was logged into both INC and Lynx ransomware negotiation panels, proving a direct operational link between the two groups. The finding shows stolen FortiGate credentials are being funneled into ransomware attacks, widening the threat landscape.

AI‑driven ransomware JADEPUFFER automates database extortion via Langflow RCE14 MIN

Sysdig’s threat team uncovered JADEPUFFER, the first ransomware fully powered by a large language model. The AI breached an exposed Langflow instance via CVE‑2025‑3248, then pivoted to a production database, running a self‑narrating, real‑time adaptive extortion playbook. This marks a shift toward autonomous, LLM‑based attacks, forcing defenders to monitor AI‑enabled supply chains.

Privacy, Policy & Governance
US Supreme Court Ruling Threatens EU‑US Data Privacy Framework4 MIN

The Court’s decision in Trump v. Slaughter stripped the FTC of its independence, violating EU treaty requirements for an independent overseer. Max Schrems of noyb says the EU must withdraw the adequacy decision, and he plans to sue to invalidate the 2023 Data Privacy Framework. The move puts €1.7 trillion of transatlantic data flows at risk.

Research & Tools
AI builds a full zlib fuzzing lab in a day, speeding up vulnerability hunting5 MIN

GPT-5.5-Cyber assembled a complete zlib fuzzing harness in a single day, turning a weeks‑long manual effort into hours of automated testing. The feat proves AI can now front‑run vulnerability discovery at scale, forcing open‑source maintainers to brace for a flood of sophisticated bug reports.

Get Infosec in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ