MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension
By automatically loading MCP servers from workspace files, Amazon Q enabled attackers to execute code and access sensitive cloud environments.
Maor Dokhanian
Maor Dokhanian 게시물
Soco404: Multiplatform Cryptomining Campaign Uses Fake Error Pages to Hide Payload
Wiz Research has identified a new iteration of a broader malicious cryptomining campaign, which we’ve dubbed Soco404.