SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
About Amazon

AWS Secret Cloud for Industry gives defense contractors a faster, more secure path to classified innovation

The new offering opens the door for cleared defense contractors to build on AWS's classified cloud, backed by an up to $20 ...
Dark Reading

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that executes arbitrary code and steals cloud credentials, showcasing MCP risk ...

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
latesthackingnews.comOpinion

Amazon Q’s MCP Flaw Is an Industry Warning: AI Tools Still Lack Workspace Trust Standards

CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
About Amazon

AWS is investing billions to put AI into production for the public sector

CIA Director Ratcliffe, Energy Secretary Wright, and UK CTO Patel joined the AWS Summit D.C. keynote for major classified ...