{"uuid": "608b7d47-6807-415e-9340-e866f3b29c99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12957", "type": "seen", "source": "https://t.me/thehackernews/9340", "content": "\ud83d\uded1 Opening a repo shouldn't hand over your AWS keys.\n\nAmazon patched CVE-2026-12957, an #Amazon Q Developer flaw that let a malicious repo run code the moment you open and trust the workspace, with the developer's cloud credentials already attached.\n\nNo separate MCP approval. No second sign-in.\n\nLearn how the attack worked \ud83e\udc16 https://thehackernews.com/2026/06/amazon-q-developer-flaw-could-let.html", "creation_timestamp": "2026-07-15T12:00:04.120497Z"}