{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibhqse7krh3mbhibu57ig5rwq5xoa5g5ouvv7h23u46zjdfu4i75y",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mp7emh2suq72"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreieq3cjuamq4nyd6snudvwjh3iltuj4bsu6kwtkvx4my3rjh5ylr74"
    },
    "mimeType": "image/jpeg",
    "size": 287127
  },
  "path": "/2026/06/amazon-q-developer-flaw-could-let.html",
  "publishedAt": "2026-06-26T13:53:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked as CVE-2026-12957 (CVSS 8.5), the bug sat in how Amazon's AI coding assistant handled Model Context Protocol (MCP) servers. Wiz",
  "title": "Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs"
}