Opening a project folder in certain code editors can lead to the hidden execution of malicious commands. According to SlowMist, users of Cursor AI are particularly vulnerable to this flaw.
🚨SlowMist TI Alert🚨
— SlowMist (@SlowMist_Team) January 8, 2026
If you’re doing Vibe Coding or using mainstream IDEs, be cautious when opening any project or workspace. For example, simply using “Open Folder” on a project may trigger system command execution — on both Windows and macOS.
⚠️ Cursor users: especially at… pic.twitter.com/9pNgqKoZKm
The vulnerability affects popular development environments and tools for Vibe Coding, where programming tasks are delegated to large language models.
The attack mechanism relies on creating a project with a specific structure. If a developer opens such a folder using the standard Open Folder function, a malicious command will automatically execute on their device. This threat is relevant for both Windows and macOS.
Experts report that several users of the Cursor AI editor have already fallen victim to this campaign, though the exact damage remains unknown.
The founder of SlowMist, known as Cos, has already reported the incident to the security team of the platform.
给 @cursor_ai 发漏洞细节 + PoC + 相关截图,希望尽快解决这个问题。 pic.twitter.com/v5zWCdhVpW
— Cos(余弦)😶🌫️ (@evilcos) January 8, 2026
As of this writing, Cursor has not commented on the vulnerability reports.
Web3 researcher DeFi Teddy has advised users to utilize separate devices for Vibe Coding and cryptocurrency storage.
基于slowmist老板 @evilcos 的提醒,增加一些vibe coding的安全告知
— DeFi Teddy (@DeFiTeddy2020) January 8, 2026
— cursor/codex/claude code这些程序的权限很高,基本可以操控你个人电脑
— cursor 打开项目文件的时候,可能会自动执行下面的文件
所以重要的安全tips有2个
— 安装vibe coding 的电脑需要和web3电脑分开
-… https://t.co/pXq6Bhs4QG
“Never open projects in Cursor or download from unverified or suspicious sources (like random GitHub repositories) whose security is not confirmed,” he added.
In September, Oasis Security specialists identified a similar vulnerability in a program that allowed the injection of malicious code, taking control of the working environment and stealing API tokens without any user commands being executed.
Cursor is an IDE based on Visual Studio Code with integrated AI tools. The project is connected to popular chatbots like ChatGPT and Claude.
The platform is popular among developers, with reports indicating around one million users generating over a billion lines of code daily. In May, the company behind Cursor, Anysphere, raised $900 million at a valuation of $9 billion.
Recall that in July, the cybersecurity service Tracebit discovered a vulnerability in Google’s Gemini that allowed for the stealthy execution of malicious commands when users viewed suspicious code through a neural network.