
Amazon Q VS Code Flaw Lets Malicious Repositories Steal Cloud Credentials
A high-severity vulnerability in the Amazon Q Developer Extension for Visual Studio Code (VS Code), Amazon’s AI-powered coding assistant, allowed attackers to execute arbitrary code and steal cloud credentials. Tracked as CVE-2026-12957 and CVE-2026-12958, the flaws have been patched in Language Servers for AWS version 1.69.0, with corresponding fixes across all affected Amazon Q Developer […]
The post Amazon Q VS Code Flaw Lets Malicious Repositories Steal Cloud Credentials appeared first on Cyber Security News.