The Register03 phút
Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
A security flaw in Amazon Q allowed malicious Git repositories to execute arbitrary code and steal cloud credentials. Researchers highlight that many AI coding assistants now automatically execute commands from project configuration files, creating a broad attack surface for booby-trapped repositories to compromise developer environments and cloud accounts.