Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data

Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials...

Researcher Uncovers 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Over 30 security vulnerabilities have been disclosed in various artificial intelligence AI-powered Integrated Development Environments IDEs that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been...

CVE-2025-62353

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...

CVE-2025-62353

A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection...

CVE-2025-62353

Windsurf IDE is affected by a path traversal vulnerability affecting all versions. The issue allows a threat actor to read and write arbitrary local files on an end user’s system, inside and outside of the current project scope. The path traversal can be exploited directly or via indirect prompt ...