# OSINT Post — @thehackernews msg 8643

*Friday, March 20, 2026 at 3:46 PM UTC — Hamer Intelligence Services Desk*

**Posted**: 2026-03-20T15:46:44.000Z (2mo ago)
**Fetched**: 2026-03-21T21:32:24.259Z (2mo ago)
**Views**: 5
**Media**: photo
**Link**: https://t.me/thehackernews/8643
**Permalink**: https://hamerintel.com/data/posts/2484.md
**Source**: https://hamerintel.com/sources

---

CursorJack abuses cursor:// links to trigger arbitrary command execution via MCP installs with executable configs.One click plus user approval can run local commands or link to a malicious server.🔗 Deep link abuse flow, MCP risk, and PoC details → https://thehackernews.com/2026/03/threatsday-bulletin-fortigate-raas.html#deep-link-abuse-enables-command-execution