CVE-2026-12957: Amazon Q Silently Stole Your AWS Keys
Amazon Q Developer's VS Code extension automatically executed MCP server configurations from workspace files without user consent, exposing AWS credentials. Wiz Research disclosed CVE-2026-12957 (CVSS…