The Hacker News

From Log4j to IIS, China's Hackers Turn Legacy Bugs into Global Espionage Tools

China-linked hackers exploited multiple CVEs in April 2025 to target global entities with advanced persistence.
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...