The Developer’s Trap: How AI IDEs Like Cursor and Windsurf Risked a Silent Supply Chain Attack
Popular IDEs with AI assistants—such as Cursor, Windsurf, Google Antigravity, and Trae—have been found vulnerable to a supply-chain attack. These environments prompt users to install extensions that are absent from the OpenVSX catalog. The...
