ByteBrief

Best read upright.

We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.

(We tried widescreen once. It wasn't us.)

ByteBrief

AIThe Registerabout 4 hours ago

Amazon Q flaw steals AWS credentials via cloned repos

3 min read

A high-severity flaw in Amazon Q Developer for Visual Studio Code, tracked as CVE-2026-12957 with a CVSS 4.0 score of 8.5, automatically loaded malicious MCP server configurations from a cloned repository, executing commands with full access to the developer's AWS credentials without any user interaction beyond opening the project.

Level

Hype check

Tap to vote and see what everyone thinks.

In this storyAmazon

#amazon

Best read upright.

Amazon Q flaw steals AWS credentials via cloned repos

More to chew on!

More to chew on!