Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

A high-severity flaw in Amazon Q Developer, an AI coding assistant used across major IDEs, allows a malicious code repository to steal AWS cloud credentials automatically when a developer opens and trusts the workspace. No additional user interaction is required beyond opening the project; a single crafted configuration file can exfiltrate active AWS session tokens to an attacker-controlled server. Organizations with developers using Amazon Q Developer face direct risk of AWS account compromise, including unauthorized access to cloud infrastructure, data stores, and production environments.

Author

Tech Jacks Solutions