[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPv9_knnELtuAcgX_kBrn7nxb0m-TcmbZJcP_G92q9Hs":3},{"article":4,"iocs":49},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":33},"f71583a1-8620-4b52-a654-1f11f2100d3a","Amazon Q VS Extension Flaw Leads to Cloud Credential Theft","amazon-q-vs-extension-flaw-leads-to-cloud-credential-theft-34eb78","Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.","A vulnerability in the Amazon Q Visual Studio extension permits attackers to execute arbitrary code and steal cloud credentials by planting malicious repositories. This flaw demonstrates escalating risks associated with Model Context Protocol (MCP) integrations in development environments. The vulnerability highlights how AI-powered coding assistants can become attack vectors when insufficient input validation and sandboxing controls are in place.","Amazon Q VS Extension flaw allows arbitrary code execution and cloud credential theft via malicious repositories.",null,"https:\u002F\u002Fwww.darkreading.com\u002Fcloud-security\u002Famazon-q-vs-extension-flaw-leads-cloud-credential-theft","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fblt739efb26c97e2c21\u002F6a4262393ad9ac7b4208de76\u002FAI_agents_(1800)_Kiattisak_Lamchan_Alamy.png?width=720&quality=80&disable=upscale","2026-06-29T11:44:42+00:00","2026-06-29T20:00:06.549308+00:00",8,[18,21,24,26],{"name":19,"type":20},"Amazon","vendor",{"name":22,"type":23},"Amazon Q","product",{"name":25,"type":23},"Visual Studio Extension",{"name":27,"type":28},"Model Context Protocol (MCP)","technology","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":29,"icon":11,"name":31,"slug":32},"Vulnerabilities","vulnerabilities",[34,39,44],{"category":35},{"id":36,"icon":11,"name":37,"slug":38},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":40},{"id":41,"icon":11,"name":42,"slug":43},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI Security","ai-security",{"category":45},{"id":46,"icon":11,"name":47,"slug":48},"c70f3a41-2f0c-4608-870d-b8cbcd8be076","Cloud Security","cloud-security",[50],{"type":51,"value":52,"context":53},"malware","Amazon Q VS Extension","Vulnerable extension used for arbitrary code execution and credential theft"]