Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

Found 1 hour ago ago at The Register

Researchers warn many AI coding assistants now execute commands from project configurations A high severity flaw in Amazon AI coding assistant for Visual Studio Code meant that opening the wrong Git repository could allow an attacker to execute code on a developer machine and potentially hand them the keys to the dev cloud environment. The bug, tracked as CVE 2026 12957 and assigned a CVSS 4.0 score of 8.5, centers on how Amazon Q handled Model Context Protocol MCP server configurations. Wiz...

Read the full article at The Register

More Developer News

Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

Found 1 hour ago at The Register

Oracle promises to open up MySQL governance, but the community wants guarantees

Found 2 hours ago at The Register

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Found 5 hours ago at The Register

Three FOSS projects for developers, procrastinators, and media wranglers

Found 8 hours ago at The Register

Apple takes over Swift Package Index, vows to remove GitHub dependency

Found 1 day ago at The Register