{"slug": "amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds", "title": "Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds", "summary": "Security researchers discovered a vulnerability in Amazon Q Developer that allows attackers to execute code and steal cloud credentials by embedding malicious commands in Git repositories. The flaw exploits the AI coding assistant's ability to execute commands from project configuration files, putting users at risk of supply-chain attacks.", "body_md": "#### Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds\n\nResearchers warn many AI coding assistants now execute commands from project configurations", "url": "https://wpnews.pro/news/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds", "canonical_source": "https://www.theregister.com/cyber-crime/2026/06/26/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds/5263202", "published_at": "2026-06-26 15:34:00+00:00", "updated_at": "2026-06-26 16:36:08.824203+00:00", "lang": "en", "topics": ["ai-safety", "ai-tools", "ai-products"], "entities": ["Amazon Q", "Git"], "alternates": {"html": "https://wpnews.pro/news/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds", "markdown": "https://wpnews.pro/news/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds.md", "text": "https://wpnews.pro/news/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds.txt", "jsonld": "https://wpnews.pro/news/amazon-q-flaw-let-booby-trapped-git-repos-execute-code-swipe-cloud-creds.jsonld"}}