Below you will find pages that utilize the taxonomy term “Cursor”
Cursor's CVE-2026-26268, Claude Code's Dynamic Workflows, and Why Google Antigravity's Launch Was a Mess
May was a big month. Too big, arguably. Let me just talk about the things I actually care about.
Update Cursor. Do It Now.
I’ll lead with this because it’s the most urgent thing in the notes: CVE-2026-26268, rated 9.9 critical by NVD, affected Cursor versions prior to 2.5. The attack surface is uncomfortable to think about. Clone a malicious repository, let the AI agent start doing its autonomous Git thing, and you’ve potentially handed an attacker code execution on your machine.
Cursor's Security Mess, Claude's New Effort Levels, and Why Managed Agents Actually Excites Me
April was a big month. Possibly too big. Between a critical RCE in Cursor, Anthropic shipping Opus 4.7 with three silent breaking changes, and the “ultra prefix” commercial model crystallising into something real, there’s a lot to unpack. I’m going to focus on the three things I can’t stop thinking about.
The Cursor CVE Should Have Been Front-Page News
Let’s start here, because this one genuinely alarmed me.
CVE-2026-26268 is a CVSS 9.9 remote code execution vulnerability in Cursor versions prior to 2.5. The mechanism is nasty: a malicious actor embeds a bare repository inside a legitimate-looking public repo, with a crafted pre-commit hook. When the Cursor agent runs a git checkout as part of a routine task — something agents do constantly — that hook fires automatically. No warning, no confirmation prompt, nothing. You just handed someone a shell.
Claude Sonnet 4.6, the LiteLLM Supply Chain Nightmare, and Cursor Going Full Infrastructure
March was a genuinely busy month in this space, and I’ve been sitting with a few of these developments over the past week trying to work out what’s noise and what actually changes how I work. Let me get into the things that stuck.
Sonnet 4.6 Is the Real Story, Not Opus
I’ll be honest — I’d been running Opus 4.6 as my default in Claude Code because it felt like the “serious” choice. That calculus is now just wrong.