NewsIDEsaster 30+ Vulnerabilities Across Every Major AI IDE 100% VulnerableSC Media·high signalAri Marzouk disclosed 30+ vulns (24 CVEs) affecting Cursor, Copilot, Windsurf, Zed, Kiro, Roo Code, Junie, Cline. 100% of tested IDEs vulnerable to prompt injection enabling RCE.SourceSource pageSC Media↳ Follow the threadPolicy dependency / Stack layerKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker NewsStack layer / Threat patternOpenAI launches ChatGPT Work, an agentic workspace on GPT-5.6, with Sol/Luna/Terra model tiersInfoWorldPolicy dependency / Stack layerPrismata Confines Cross-Site Prompt Injection by Treating Web Agents Like an XSS ProblemarXivPolicy dependency / Stack layerponytail: A 'Laziest Senior Dev' Skill That Cuts Agent-Written Code by ~54% Is the Fastest-Rising Repo on GitHubGitHubStack layer / Threat patternsickn33/agentic-awesome-skills Hits 1,900+ Installable Agent Skills — and an Installer CLI to MatchGitHubPolicy dependency / Stack layerGoogle Will Now Label Ads Made or Edited With AI Across Search, Discover, and YouTubeThe VergeStack layer / Threat patternMid-Session Tool Injection weaponized against WebMCP agents via threshold poisoning and fake diagnostic eventsAdversa AIStack layer / Threat patternMalicious agent skills evade every scanner: HKUST's SkillCloak beats detectors 90%+ of the time, SkillDetonate catches 97%Help Net Security