Hacker injected a malicious prompt into Amazon Q via GitHub

[Brownie2019]

Content source

https://hackread.com/hacker-added-prompt-amazon-q-erase-files-cloud-data/

A security vulnerability recently surfaced involving Amazon’s AI coding assistant, ‘Q’, integrated with VS Code. The incident, reported by 404 Media, revealed a lapse in Amazon’s security protocols, allowing a hacker to insert malicious commands into a publicly released update.

The hacker, using a temporary GitHub account, managed to submit a pull request that granted them administrative access. Within this unauthorised update, destructive instructions were embedded, directing the AI assistant to potentially delete user files and wipe clean Amazon Web Services (AWS) environments.

Read more here:

Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data

Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

hackread.com