Охота на CVE в Cursor IDE: полный технический разбор безопасности AI-редактора

Cursor — AI-powered IDE на базе VS Code, которая обрабатывает миллионы строк кода разработчиков через свои серверы. Когда я задумался о безопасности этого продукта, возник вопрос: насколько надёжна серверная модель авторизации, которая стоит между бесплатным пользователем и Claude 4 Opus?

https://habr.com/ru/articles/1028196/

#cursor_ide #security_research #prototype_pollution #protobuf #grpc #connectrpc #cve #reverse_engineering #ai_security #bug_bounty

Critical flaw in #Protobuf library enables #JavaScript code execution

https://www.bleepingcomputer.com/news/security/critical-flaw-in-protobuf-library-enables-javascript-code-execution/

#cybersecurity

Zero-copy protobuf and ConnectRPC for Rust

https://medium.com/@iainmcgin/zero-copy-protobuf-and-connectrpc-for-rust-69bda8ac0f02

#HackerNews #ZeroCopy #Protobuf #ConnectRPC #Rust #Programming #RustLang #TechNews

Protobuf library flaw enables remote JavaScript code execution

A critical flaw in the popular protobuf.js library has been exposed, allowing hackers to execute JavaScript code remotely - and a proof-of-concept exploit has already been published, putting countless systems at risk.

https://osintsights.com/protobuf-library-flaw-enables-remote-javascript-code-execution?utm_source=mastodon&utm_medium=social

#RemoteCodeExecution #Javascript #Protobuf #ProtocolBuffers #EmergingThreats

Did you know that #OpenSearch nodes have native support for #gRPC and #Protobuf?

We ran benchmarks comparing gRPC and REST, and saw significant reduction in:
📉 payload size
📉 latency
📉 CPU utilization (on both client & server sides)
📉 client-side processing time

We also auto-generate the Protobuf definitions from the OpenSearch Project OpenAPI specifications to keep consistency across REST and gRPC APIs.

Check out the @OpenSearchProject blog:
https://opensearch.org/blog/advancing-opensearch-with-grpc-and-protocol-buffers/

#OpenSearchAmbassador