Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor.
The post $3 Million Reportedly Stolen in Polymarket Hack appeared first on SecurityWeek.
A 21-year-old Minnesota man who operated under the online alias "Snoopy" was sentenced Tuesday to 18 months in federal prison for his role in a 2022 credential stuffing attack that compromised roughly 60,000 user accounts on the fantasy sports and betting platform DraftKings, resulting in hundreds of thousands of dollars in losses to customers.
Nathan Austad pleaded guilty in December to one count of conspiring to commit computer intrusion in the U.S. District Court for the Southern District of New York, which imposed the sentence. In addition to the prison term, Austad was ordered to serve three years of supervised release, pay over $1.3 million in restitution, and forfeit an additional $463,000.
In November 2022, Austad and his co-conspirators launched the attack against DraftKings via credential stuffing, successfully compromising approximately 60,000 accounts. In roughly 1,600 of those cases, the attackers added a new payment method under their own control to the compromised account and withdrew the available funds, stealing approximately $600,000 in total.
Access to the remaining compromised accounts was sold through cybercriminal marketplaces. Austad operated his own such shop, named after the Peanuts comic strip character Snoopy. Investigators also identified cryptocurrency accounts under Austad's control that received approximately $465,000 in assets, including proceeds from his criminal activity.

Among the evidence presented in court were private messages in which Austad and his co-conspirators acknowledged that federal investigators were examining their activities even as the scheme was ongoing. In Dec. 2022, Austad wrote to a co-conspirator: "everyone shouldve been prepared for this before cashing out lol." The co-conspirator replied: "lol fbi can't do s—t." Months later, Austad wrote: "like we didnt know the risk when we started lol . . . everyone knows their [sic] committing fraud."
U.S. Attorney Jay Clayton cited those exchanges in his statement following the sentencing.
"The defendants acknowledged the federal investigation into their conduct while they were committing their crimes, even having the hubris to say the FBI could not do anything about it," Clayton said. "They were wrong."
DraftKings disclosed the breach in Nov. 2022, initially reporting that less than $300,000 had been stolen from affected customers. A month later, the company revised that figure, disclosing that 67,995 accounts had been compromised.
Federal prosecutors have not officially named DraftKings in court filings, referring to the target as a "fantasy sports and betting website," though the details of the attack match the breach the company disclosed publicly.
Austad is the third defendant to be sentenced in the case. Joseph Garrison received 18 months in prison in January 2024, and Kamerin Stokes, who used the alias "TheMFNPlug," received 30 months in April 2026.
The post Minnesota man known as "Snoopy" sentenced in DraftKings hack appeared first on CyberScoop.


In a novel maneuver for a disruption operation against cyber attackers, industry and law enforcement teamed up to conduct a court takedown of two widely-used criminal tools at once rather than individually, Microsoft said Tuesday.
The takedown simultaneously went after Amadey, a botnet that can serve as a malware delivery system, and StealC, an infostealer. Cybercriminals often use them in conjunction and they rely on the same infrastructure, Microsoft said.
"When multiple parts of an operation are disrupted together, attacks are harder to launch, scale, and recover from," said Steven Masada, assistant general counsel for Microsoft's Digital Crimes Unit. "The result: fewer disrupted services, fewer opportunities for cybercriminals to profit, and more friction when they try to rebuild. It's no longer enough to go after threats one by one. We need to interrupt how the attacks are put together."
Microsoft had been tracking Amadey with ESET, BitSight, Lumen and Mitsui Bussan Secure Directions. Meanwhile, Europol had been investigating StealC alongside law enforcement partners including Germany's Federal Criminal Police Office and the Dutch and Danish National Police as well as IBM X-Force and Proofpoint.
They then joined forces and turned to the Racketeer Influenced and Corrupt Organizations (RICO) Act, used to help authorities go after organized crime, to disrupt more than 200 command-and-control servers. Microsoft said it gained insights from its artificial intelligence product Copilot that "allowed the legal team to treat both malware families as part of a single criminal conspiracy."
Microsoft regularly leads court-authorized disruption operations, but the industry and law enforcement partnerships combined with AI to expand data collection and identify connections beyond what one company could normally do, it said.
Amadey and StealC were linked to more than 140,000 infected computers around the globe in the first week of May alone, the company said. StealC has ranked among the top infostealers for years since its emergence in 2023 and sells in underground forums as a malware-as-a-service. It's typically used by Russia-linked groups.
Amadey dates back to 2018, and is also commonly employed by Russian groups, including in attacks on Ukraine.
Their interaction shows the assembly-line-like structure of modern cybercrime, Microsoft said. Even if the cybercriminals behind both tools never coordinate, their tools are designed to work together, it said.
"StealC is an infostealer that collects sensitive data from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms," the company wrote in a separate blog post. "It is a malware-as-a-service (MaaS) offering that threat actors use to generate customized payloads and manage stolen data through a centralized web panel. Meanwhile, Amadey is a MaaS loader that threat actors use to deliver StealC and other malware. Modular, pay-as-you-go models like StealC and Amadey allow threat actors to use a single initial infection to quickly escalate into multiple other threats."
The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.
Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.
The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek.
Nathan Austad has been ordered to pay roughly $1.8 million in forfeiture and restitution, and the sentence also includes 3 years of supervised release.
The post Third DraftKings Hacker Sentenced to 18 Months in Prison appeared first on SecurityWeek.
Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
The post New "Mistic" RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek.


The Justice Department on Tuesday said it has seized infrastructure tied to what officials called one of the world's most prolific criminal marketplaces, used to commit cyber scams and other crimes.
The seized cloud computing account hosted backend infrastructure used by subsidiaries of the Huione Group, a Cambodia-based corporate conglomerate.
At the same time, the Treasury Department announced fresh sanctions and more against Huione and affiliated companies. The administration actions Tuesday add to disruption efforts from last fall against pieces of the same network.
The Trump administration has placed an emphasis on combating transnational cybercrime and other kinds of scams and fraud.
The seized cloud computing account was used to operate Huione Guarantee, also known as Haowang Guarantee, according to Tuesday's DOJ announcement.
"The Huione Group used this cloud computing account as part of a technological backbone that allowed billions in fraud proceeds to be transferred, moved, and concealed, much of it stolen through Southeast Asian scam centers," said Tysen Duva, assistant attorney general of the Justice Department's Criminal Division. "Seizures of these marketplaces are critical in the fight against fraud that affects so many Americans, and to stop avenues for criminal proceeds to be laundered."
U.S. officials allege that Huione Guarantee operated Telegram channels with discussions about illicit goods and services, including the sale of stolen credit card and sensitive personal information, malware-enabled thefts, human trafficking schemes and the laundering of money from romance and investment scams. Huione Guarantee also allegedly offered escrow services for criminals such as money launderers for cryptocurrency.
Treasury took two steps Tuesday to build on its move in October to sever Huione Group from the U.S. financial system. One was to tack H-Pay Service onto its rule for Huione Group as a successor entity. And it slapped nine people and 26 entities linked to Prince Group with sanctions.
"Huione Group served as a critical node for laundering proceeds of cyber heists and virtual currency investment scams and was used by the Prince Group to transfer and consolidate scam-derived assets," Treasury's announcement states.
Also last October, the Justice Department said it seized bitcoin valued at $15 billion from the chairman of the Prince Group, Chen Zhi, and indicted him over alleged cryptocurrency crimes and other schemes.
An alleged key figure in Chen's criminal network has been arrested in Cambodia and extradited to China.
The post Justice Department seizes infrastructure used by cyber scam and criminal marketplace appeared first on CyberScoop.
An Algerian man known online as "SPOX" was extradited from Spain and charged with running a black-market cybercrime operation that prosecutors say defrauded thousands of victims and funneled roughly $900,000 through a cryptocurrency account over a three-year period.
Abdellah Belmili, 26, made his initial appearance Monday in the U.S. District Court for the Western District of New York in Buffalo. He faces a single count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison.
He was extradited from Spain earlier this month.
Federal investigators say Belmili allegedly created and administered at least two illicit online marketplaces, market0day.com and spoxy.us, that operated similarly to commercial e-commerce platforms. The marketplaces sold financial credentials, phishing kits, compromised email server access, and other tools used to carry out fraud. All transactions on the sites were conducted in Bitcoin.
According to court documents, the FBI became aware of the marketplaces in September 2020 through a confidential source. The site's administrator was already known to investigators as a prolific creator of phishing kits targeting major U.S. financial institutions.
In 2020, undercover FBI agents used the marketplace to buy a phishing kit designed to replicate JPMorgan Chase's login page and capture victims' personal information. Agents also purchased access to a compromised email server. A third item, access to a website control panel, was paid for but never delivered, prompting customer complaints on Belmili's Telegram channel.
Shortly after those complaints surfaced, Belmili announced he was closing market0day.com and redirecting customers to a new site, spoxy.us, which he described as a "new store for bulk sms," which typically refers to mass phishing via text message.
The new site used the same template, color scheme, and navigation structure as its predecessor and was registered using the stolen identity of a 77-year-old Texas resident.
Investigators identified Belmili through a combination of open-source research, search warrants, and records obtained from technology and financial companies. Early versions of his phishing kit code contained his full name, "Dila Belmili," embedded in the source alongside his Telegram handle and a link to the marketplaces. Facebook accounts linked to the alias "spox_coder" listed "Dila Belmili (spox)" as the display name, and customers had posted complaints about phishing kit purchases directly on his profile.
Records obtained from Google showed that Belmili used his personal email account to search for financial institution logos, hacking tools, and methods for generating fake identities and credit card numbers. The same account received approximately 1,400 emails containing victims' stolen personal information from active phishing kits targeting American Express, Bank of America, Cash App, JP Morgan Chase, PayPal, and Wells Fargo.
Investigators also found that Belmili had built hidden backdoors into phishing kits he sold to other criminals, allowing him to continue harvesting victim data even after the kits changed hands.
Records from cryptocurrency exchange Binance showed approximately $900,000 deposited into an account registered to Belmili between Jan. 2020 and Jan. 2023. Of that amount, roughly $760,000 was transferred to other accounts or converted into other forms of cryptocurrency, while approximately $41,000 was withdrawn from ATMs.
In total, investigators identified approximately 595 distinct phishing kits created by Belmili. Analysis of victim data exported to Telegram pages and email accounts linked to the operation identified roughly 5,600 victims in the United States and internationally.
"This defendant thought that he could get away with defrauding thousands of victims out of hundreds of thousands of dollars by using fake names and hiding behind a keyboard to steal bank account and credit card numbers," said U.S. Attorney Michael DiGiacomo in a release. "This arrest makes clear that, regardless of where you operate, our law enforcement partners will find you, and when they do, you will face the full consequences of your actions."
The post Algerian man charged with running two cybercrime marketplaces appeared first on CyberScoop.
26-year-old Abdellah Belmili faces up to 30 years in prison for allegedly operating the marketplaces Market0Day and Spoxy.
The post Algerian Man Extradited to US for Running Cybercrime Marketplaces appeared first on SecurityWeek.
Using a custom sniffer, the threat actor has captured over 110 million credentials since at least February 2026.
The post Russian Initial Access Broker Behind FortiBleed Campaign appeared first on SecurityWeek.


