<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>cybercrime.club</title><link>https://cybercrime.club/tags/sandbox-escape/</link><description>Infrastructure security news for people who build infrastructure.</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Thu, 02 Jul 2026 11:07:09 -0400</lastBuildDate><atom:link href="https://cybercrime.club/tags/sandbox-escape/" rel="self" type="application/rss+xml"/><item><title>DuneSlide: Zero-Click Prompt Injection Chains to Full RCE in Cursor IDE (CVE-2026-50548, CVE-2026-50549)</title><link>https://cybercrime.club/posts/cursor-ide-duneslide-cve-2026-50548-50549-prompt-injection-rce/</link><pubDate>Thu, 02 Jul 2026 11:07:09 -0400</pubDate><guid>https://cybercrime.club/posts/cursor-ide-duneslide-cve-2026-50548-50549-prompt-injection-rce/</guid><description>Two critical Cursor IDE flaws, dubbed DuneSlide, let a poisoned MCP response or web search result steer the agent's own sandbox into overwriting its enforcement binary — zero-click prompt injection to unsandboxed remote code execution, patched in Cursor 3.0.</description><category>vulnerabilities</category></item></channel></rss>