Vulnerability in Amazon Q for VS Code allows credential theft through manipulated repositories and reveals systemic risks in AI-powered developer tools.
Malware exploits compromised npm packages and manipulated GitHub Actions to exfiltrate tokens and credentials directly from CI/CD environments and developer repositories.
Amazon Q Developer enabled arbitrary code execution via crafted MCP configurations in malicious repositories, which could lead to credential theft (CVE-2026-12957, CVSS 8.5).
Attackers deploy a Golang-based sniffer on 430,000 compromised FortiGate firewalls to harvest 110 million credentials, transforming critical security devices into reconnaissance instruments.
Underground marketplaces automate searches through stolen credential databases for target enterprises, simplifying access to compromised accounts for broader attacker groups.
15 compromised JetBrains plugins masquerade as AI assistants and steal plaintext API keys over unencrypted HTTP connections to IP address 39.107.60.51.
Attackers remained hidden in research networks for over a year and diverted research and defense emails through configured Google Workspace rules instead of using classic exfiltration channels.
Age-based reputation scoring in mail filters became a critical vulnerability because attackers acquire legitimate, long-clean domains and repurpose them for phishing.