Modern Cyber with Jeremy Snyder
A quieter summer week on the news front, which gives Jeremy room to dig deeper into a handful of stories that all circle the same theme: the tooling and infrastructure around AI keep proving to be the weak link, not the models themselves. This week covers a critical remote-code-execution flaw in the Cursor IDE, a fresh round of coding agents falling to bash obfuscation, a prompt-injection payment scam spreading through SEO poisoning, what one research team is calling the first end-to-end agentic ransomware event, and renewed attention on Anthropic's sleeper agents research and what it means for open-weight model adoption. Key Episode Highlights Cursor RCE (CVSS 9.8): a sandbox-escape chain in the Cursor AI IDE that lets a poisoned MCP server or repo file run arbitrary OS commands with no user approval, by manipulating the working-directory allow list and abusing symlinks to overwrite the sandbox binary. Coding agents fall to bash obfuscation: Adversa AI tested 11 open source coding agents and found 10 failed to guard against classic bash obfuscation, letting a poisoned Readme or Makefile exfiltrate AWS credentials. Prompt-injection payment scam: Zscaler Threat Labs (a FireTail investor) documented SEO poisoning that lures agents to fake developer sites carrying a hidden prompt to pay for an API key. 26 LLMs were tricked into making crypto payments; two others misclassified a typosquatting site as legitimate. "Jade Puffer": Sysdig's threat research team describes what may be the first end-to-end agentic ransomware event, using an AI agent for reconnaissance and an unpatched Langflow CVE to breach environments, in some cases going from unauthenticated to authenticated in as little as 30 seconds. Sleeper agents, revisited: a Forbes report renews attention on Anthropic's sleeper agents research and the risk that a trigger baked into an open-weight model's training can flip it from behaving normally to exfiltrating data, and why real-time model inventory and observability are the practical defenses. Episode Links - https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/ [https://www.securityweek.com/critical-cursor-ai-ide-flaws-could-lead-to-os-level-remote-code-execution/] https://www.securityweek.com/decades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks/ [https://www.securityweek.com/decades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks/] https://www.securityweek.com/prompt-injection-attacks-trick-ai-agents-into-making-crypto-payments/ [https://www.securityweek.com/prompt-injection-attacks-trick-ai-agents-into-making-crypto-payments/] https://www.forbes.com/sites/josipamajic/2026/07/03/hidden-llm-backdoors-could-detonate-at-massive-scale/ [https://www.forbes.com/sites/josipamajic/2026/07/03/hidden-llm-backdoors-could-detonate-at-massive-scale/] https://www.unite.ai/kelas-2026-mid-year-ai-threat-landscape-report-ai-is-becoming-both-the-weapon-and-the-target/ [https://www.unite.ai/kelas-2026-mid-year-ai-threat-landscape-report-ai-is-becoming-both-the-weapon-and-the-target/] https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/ [https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/]
122 episodes
Comments
0Be the first to comment
Sign up now and become a member of the Modern Cyber with Jeremy Snyder community!