High-Severity Flaw in Amazon Q Developer Exposes AWS Credentials
Wiz Research discovered a critical vulnerability (CVE-2026-12957) in Amazon Q Developer that allowed malicious code repositories to execute commands stealthily on developers’ machines and steal their AWS credentials. The issue was reported to Amazon on April 20, and the company released a patch on May 12. The details were publicly disclosed today. [The story continues at The Next Web]