CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
A flaw in Amazon Q Developer auto-loaded rogue MCP servers from cloned repos, letting attackers steal AWS credentials silently. A high-severity flaw in Amazon Q Developer allowed a malicious code ...
Generative AI virtual assistant Amazon Q was unveiled by AWS CEO Adam Selipsky in 2023. Image: AWS A hacker recently injected code into Amazon Q in order to warn users of the platform’s potential ...
The Amazon Q Developer VS Code Extension is reportedly vulnerable to stealthy prompt injection attacks using invisible Unicode Tag characters. According to the author of the “Embrace The Red” blog, ...