Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
26-06-2026 17:34 via theregister.com

Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

A high-severity flaw in Amazon's AI coding assistant for Visual Studio Code meant that opening the wrong Git repository could allow an attacker to execute code on a developer's machine and potentially hand them the keys to the dev's cloud environment. The bug, tracked as CVE-2026-12957 and assigned a CVSS 4.0 score of 8.5, centers on how Amazon Q handled Model Context Protocol (MCP) server configurations. Wiz found the extension would automatically load a repository's .amazonq/mcp.json file and
Read more »

Sci-Tech news



Even the Secret Service won't use company-issued phones
Even the Secret Service won't use company-issued phones
I saw unreleased UFO files at a secret meeting in the Tennessee mountains. We prayed after seeing what these 'humanoid beings' did... the world is not prepared
I saw unreleased UFO files at a secret meeting in the Tennessee mountains. We prayed after seeing what these 'humanoid beings' did... the world is not prepared
Trump-shuttered climate change site back online in nonprofit hands
Trump-shuttered climate change site back online in nonprofit hands
Millions warned to brace for blackouts as extreme wildfire threat sweeps across nine states: 'Particularly dangerous situation'
Millions warned to brace for blackouts as extreme wildfire threat sweeps across nine states: 'Particularly dangerous situation'
Google wants AI regulation, but on its own terms
Google wants AI regulation, but on its own terms
Terrifying discovery inside trendy 'squishy dumpling' toys after dad runs safety test
Terrifying discovery inside trendy 'squishy dumpling' toys after dad runs safety test
US auto regulators want to kill robotaxi brake pedals
US auto regulators want to kill robotaxi brake pedals
Oracle promises to open up MySQL governance, but the community wants guarantees
Oracle promises to open up MySQL governance, but the community wants guarantees
'Ground zero' for mega heat dome revealed as 271 million Americans brace for 'face-melting' Fourth of July heat
'Ground zero' for mega heat dome revealed as 271 million Americans brace for 'face-melting' Fourth of July heat
One man, two kernels, and a lot of RISC-V
One man, two kernels, and a lot of RISC-V
Gossiping is good for you! People who spread rumours are more likely to be in a relationship and have children, study reveals
Gossiping is good for you! People who spread rumours are more likely to be in a relationship and have children, study reveals
Notion kills its Gmail client after AI agents keep humans from troubling inbox
Notion kills its Gmail client after AI agents keep humans from troubling inbox
Jiangsu's first AI-powered 10 Gbps all-optical campus network launched at Southeast University
Jiangsu's first AI-powered 10 Gbps all-optical campus network launched at Southeast University
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
Miasma campaign poisons 20-plus npm packages, hunts for developer secrets
Desktop versie