A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.

In an agentic world, defensibility shifts from features to flow control. From owning a category to owning a node in the ...

CVE-2025-53967 allows remote code execution via figma-developer-mpc command injection flaw Vulnerability stems from unvalidated input passed to shell commands using child_process.exec Users should ...

Figma is launching some new updates that allow AI models to directly communicate with its app-building tool and access designs remotely. Figma’s Model Context Protocol (MCP) server — a bridge that ...

Model Context Protocol (MCP) servers, which are the glue that links AI agents with other enterprise systems, continue to pop up as potential chinks in the proverbial organizational armor. This week, ...

Figma expanded its AI-powered prototyping tool Figma Make on Feb. 20, introducing custom Model Context Protocol (MCP) connector support alongside certified connectors for Amplitude, Box, Dovetail, ...

Figma MCP is no longer desktop-only, it’s coming to IDEs, AI agents and more MCP also bridges codebases and projects within Figma Make REST API rate limits will change, but only 1% of users will be ...

CVE-2025-53967 allows remote code execution via figma-developer-mpc command injection flaw Vulnerability stems from unvalidated input passed to shell commands using child_process.exec Users should ...