A flaw in Amazon Q Developer auto-loaded rogue MCP servers from cloned repos, letting attackers steal AWS credentials silently. A high-severity flaw in Amazon Q Developer allowed a malicious code ...