Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

Security researchers discovered a vulnerability in Amazon Q Developer that allows attackers to execute code and steal cloud credentials by embedding malicious commands in Git repositories. The flaw exploits the AI coding assistant's ability to execute commands from project configuration files, putting users at risk of supply-chain attacks.