{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreibhqse7krh3mbhibu57ig5rwq5xoa5g5ouvv7h23u46zjdfu4i75y",
"uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mp7emh2suq72"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreieq3cjuamq4nyd6snudvwjh3iltuj4bsu6kwtkvx4my3rjh5ylr74"
},
"mimeType": "image/jpeg",
"size": 287127
},
"path": "/2026/06/amazon-q-developer-flaw-could-let.html",
"publishedAt": "2026-06-26T13:53:00.000Z",
"site": "https://thehackernews.com",
"textContent": "A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon's AI coding assistant handled Model Context Protocol (MCP) servers. Wiz",
"title": "Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs"
}