Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
The decentralized prediction market said hackers targeted some of its users through a compromise of a third-party vendor.
The post $3 Million Reportedly Stolen in Polymarket Hack appeared first on SecurityWeek.
A 21-year-old Minnesota man who operated under the online alias “Snoopy” was sentenced Tuesday to 18 months in federal prison for his role in a 2022 credential stuffing attack that compromised roughly 60,000 user accounts on the fantasy sports and betting platform DraftKings, resulting in hundreds of thousands of dollars in losses to customers.
Nathan Austad pleaded guilty in December to one count of conspiring to commit computer intrusion in the U.S. District Court for the Southern District of New York, which imposed the sentence. In addition to the prison term, Austad was ordered to serve three years of supervised release, pay over $1.3 million in restitution, and forfeit an additional $463,000.
In November 2022, Austad and his co-conspirators launched the attack against DraftKings via credential stuffing, successfully compromising approximately 60,000 accounts. In roughly 1,600 of those cases, the attackers added a new payment method under their own control to the compromised account and withdrew the available funds, stealing approximately $600,000 in total.
Access to the remaining compromised accounts was sold through cybercriminal marketplaces. Austad operated his own such shop, named after the Peanuts comic strip character Snoopy. Investigators also identified cryptocurrency accounts under Austad’s control that received approximately $465,000 in assets, including proceeds from his criminal activity.

Among the evidence presented in court were private messages in which Austad and his co-conspirators acknowledged that federal investigators were examining their activities even as the scheme was ongoing. In Dec. 2022, Austad wrote to a co-conspirator: “everyone shouldve been prepared for this before cashing out lol.” The co-conspirator replied: “lol fbi can’t do s–t.” Months later, Austad wrote: “like we didnt know the risk when we started lol . . . everyone knows their [sic] committing fraud.”
U.S. Attorney Jay Clayton cited those exchanges in his statement following the sentencing.
“The defendants acknowledged the federal investigation into their conduct while they were committing their crimes, even having the hubris to say the FBI could not do anything about it,” Clayton said. “They were wrong.”
DraftKings disclosed the breach in Nov. 2022, initially reporting that less than $300,000 had been stolen from affected customers. A month later, the company revised that figure, disclosing that 67,995 accounts had been compromised.
Federal prosecutors have not officially named DraftKings in court filings, referring to the target as a “fantasy sports and betting website,” though the details of the attack match the breach the company disclosed publicly.
Austad is the third defendant to be sentenced in the case. Joseph Garrison received 18 months in prison in January 2024, and Kamerin Stokes, who used the alias “TheMFNPlug,” received 30 months in April 2026.
The post Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack appeared first on CyberScoop.

In a novel maneuver for a disruption operation against cyber attackers, industry and law enforcement teamed up to conduct a court takedown of two widely used criminal tools at once rather than individually, Microsoft said Tuesday.
The takedown simultaneously went after Amadey, a botnet that can serve as a malware delivery system, and StealC, an infostealer. Cybercriminals often use the two in conjunction, and both rely on the same infrastructure, Microsoft said.
“When multiple parts of an operation are disrupted together, attacks are harder to launch, scale, and recover from,” said Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit. “The result: fewer disrupted services, fewer opportunities for cybercriminals to profit, and more friction when they try to rebuild. It’s no longer enough to go after threats one by one. We need to interrupt how the attacks are put together.”
Microsoft had been tracking Amadey with ESET, BitSight, Lumen and Mitsui Bussan Secure Directions. Meanwhile, Europol had been investigating StealC alongside law enforcement partners including Germany’s Federal Criminal Police Office and the Dutch and Danish National Police as well as IBM X-Force and Proofpoint.
The two groups then joined forces and invoked the Racketeer Influenced and Corrupt Organizations (RICO) Act, a statute designed to help authorities pursue organized crime, to disrupt more than 200 command-and-control servers. Microsoft said it gained insights from its artificial intelligence product Copilot that “allowed the legal team to treat both malware families as part of a single criminal conspiracy.”
Microsoft regularly leads court-authorized disruption operations, but the industry and law enforcement partnerships combined with AI to expand data collection and identify connections beyond what one company could normally do, it said.
Amadey and StealC were linked to more than 140,000 infected computers around the globe in the first week of May alone, the company said. StealC has ranked among the top infostealers for years since its emergence in 2023 and sells in underground forums as a malware-as-a-service. It’s typically used by Russia-linked groups.
Amadey dates back to 2018, and is also commonly employed by Russian groups, including in attacks on Ukraine.
Their interaction shows the assembly-line structure of modern cybercrime, Microsoft said. Even if the cybercriminals behind the two tools never coordinate, the tools themselves are designed to work together, it said.
“StealC is an infostealer that collects sensitive data from browsers, cryptocurrency wallets, messaging applications, email clients, and gaming platforms,” the company wrote in a separate blog post. “It is a malware-as-a-service (MaaS) offering that threat actors use to generate customized payloads and manage stolen data through a centralized web panel. Meanwhile, Amadey is a MaaS loader that threat actors use to deliver StealC and other malware. Modular, pay-as-you-go models like StealC and Amadey allow threat actors to use a single initial infection to quickly escalate into multiple other threats.”
The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.
Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.
The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek.
Nathan Austad has been ordered to pay roughly $1.8 million in forfeiture and restitution, and the sentence also includes three years of supervised release.
The post Third DraftKings Hacker Sentenced to 18 Months in Prison appeared first on SecurityWeek.
Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
The post New ‘Mistic’ RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek.

Airbnb-related scam activity has increased 30x since the first half of 2023, according to new research from Saily and NordStellar, confirming that cybercriminals continue to go after holidaymakers seeking the best deals amid rising prices.
The report ultimately concludes that attackers are now targeting the trust built by larger platforms, saving them from having to build new identities from scratch.
The nature of the scams is also changing. Instead of using suspicious websites to harvest victim payments or information, criminals are now targeting legitimate Airbnb host accounts that have spent years amassing positive reviews and high ratings.
While the end goal remains reaching high volumes of vulnerable consumers, scammers have added an extra layer of victims to their pipeline. Verified Airbnb hosts are now valuable assets for criminals because they already have identity verification, positive reviews, booking histories, years of activity and established credibility.
Once the verified account is compromised, attackers can then go on to scam higher volumes of unsuspecting victims by posting – and charging for – fake property listings.
“Travelers are getting better at spotting obvious scams,” Saily Head of Product Matas Cenys said. “Criminals know this, so they are increasingly trying to steal trust instead of building fake trust from scratch.”
Where this type of attack differs from others, though, is that the victims never leave the platform. Rather than falling victim to phishing attacks and being redirected to malicious external sites, they interact fully with supposed legitimate hosts on the Airbnb platform.
While Airbnb attacks have seen a 30x increase in around three years and a sharp rise in the last year alone, they reflect a much broader trend of attackers compromising existing trusted accounts.
The recent ramp-up in attacks could also be tied to the summer season, with holidaymakers looking to book last-minute deals in the run-up to the holidays. Urgency and pressure to keep costs low also add to criminals’ success.
“Everything looks normal until they arrive at their destination and discover the accommodation never existed,” Cenys added.
Saily is recommending that all communication stays within the booking platform and that customers avoid payment methods suggested outside of official channels. Unusually attractive listings in high-demand destinations could also be taken with a pinch of salt, and savvy shoppers may choose to reverse image search a property to double check its authenticity.
“As travel booking becomes increasingly digital, trust becomes one of the most valuable currencies in the travel ecosystem,” Cenys warned.
As for abusing victim trust, researchers also argue that AI has aided attacks by allowing criminals to produce better fake listings more quickly.
More generally, Airbnb revealed that two in five Americans have fallen victim to an online scam, with the average loss totalling nearly $2,000. The company has introduced measures to remind its users how to avoid scams, including identity verification and reminders not to leave the platform, but account takeovers can still slip under the radar.
Airbnb also holds guest payments until 24 hours after check-in to ensure that everything is as described. Anti-fraud tech also prevented around 265,000 suspicious listings from appearing on the platform in 2025, the company boasted.
The company posted a comprehensive eight-step list of how to avoid scams on its platform online, calling out pressure tactics and unusual deals.

The Justice Department on Tuesday said it has seized infrastructure tied to what officials called one of the world’s most prolific criminal marketplaces, used to commit cyber scams and other crimes.
The seized cloud computing account hosted backend infrastructure used by subsidiaries of the Huione Group, a Cambodia-based corporate conglomerate.
At the same time, the Treasury Department announced fresh sanctions and other measures against Huione and affiliated companies. Tuesday’s administration actions add to disruption efforts from last fall against parts of the same network.
The Trump administration has placed an emphasis on combating transnational cybercrime and other kinds of scams and fraud.
The seized cloud computing account was used to operate Huione Guarantee, also known as Haowang Guarantee, according to Tuesday’s DOJ announcement.
“The Huione Group used this cloud computing account as part of a technological backbone that allowed billions in fraud proceeds to be transferred, moved, and concealed — much of it stolen through Southeast Asian scam centers,” said Tysen Duva, assistant attorney general of the Justice Department’s Criminal Division. “Seizures of these marketplaces is critical in the fight against fraud that affects so many Americans, and to stop avenues for criminal proceeds to be laundered.”
U.S. officials allege that Huione Guarantee operated Telegram channels with discussions about illicit goods and services, including the sale of stolen credit card and sensitive personal information, malware-enabled thefts, human trafficking schemes and the laundering of money from romance and investment scams. Huione Guarantee also allegedly offered escrow services for criminals such as money launderers for cryptocurrency.
Treasury took two steps Tuesday to build on its move in October to sever Huione Group from the U.S. financial system. First, it added H-Pay Service to its rule against Huione Group as a successor entity. Second, it sanctioned nine people and 26 entities linked to Prince Group.
“Huione Group served as a critical node for laundering proceeds of cyber heists and virtual currency investment scams and was used by the Prince Group to transfer and consolidate scam-derived assets,” Treasury’s announcement states.
Also last October, the Justice Department said it seized bitcoin valued at $15 billion from the chairman of the Prince Group, Chen Zhi, and indicted him over alleged cryptocurrency crimes and other schemes.
An alleged key figure in Chen’s criminal network has been arrested in Cambodia and extradited to China.
The post Justice Department seizes infrastructure used by cyber scam and criminal marketplace appeared first on CyberScoop.
An Algerian man known online as “SPOX” was extradited from Spain and charged with running a black-market cybercrime operation that prosecutors say defrauded thousands of victims and funneled roughly $900,000 through a cryptocurrency account over a three-year period.
Abdellah Belmili, 26, made his initial appearance Monday in the U.S. District Court for the Western District of New York in Buffalo. He faces a single count of conspiracy to commit bank fraud, which carries a maximum sentence of 30 years in prison.
He was extradited from Spain earlier this month.
Federal investigators allege that Belmili created and administered at least two illicit online marketplaces, market0day.com and spoxy.us, that operated much like commercial e-commerce platforms. The marketplaces sold financial credentials, phishing kits, compromised email server access, and other tools used to carry out fraud. All transactions on the sites were conducted in Bitcoin.
According to court documents, the FBI became aware of the marketplaces in September 2020 through a confidential source. The site’s administrator was already known to investigators as a prolific creator of phishing kits targeting major U.S. financial institutions.
In 2020, undercover FBI agents used the marketplace to buy a phishing kit designed to replicate JPMorgan Chase’s login page and capture victims’ personal information. Agents also purchased access to a compromised email server. A third item — access to a website control panel — was paid for but never delivered, prompting customer complaints on Belmili’s Telegram channel.
Shortly after those complaints surfaced, Belmili announced he was closing market0day.com and redirecting customers to a new site, spoxy.us, which he described as a “new store for bulk sms,” a phrase that typically refers to mass phishing via text message.
The new site used the same template, color scheme, and navigation structure as its predecessor and was registered using the stolen identity of a 77-year-old Texas resident.
Investigators identified Belmili through a combination of open-source research, search warrants, and records obtained from technology and financial companies. Early versions of his phishing kit code contained his full name, “Dila Belmili,” embedded in the source alongside his Telegram handle and a link to the marketplaces. Facebook accounts linked to the alias “spox_coder” listed “Dila Belmili (spox)” as the display name, and customers had posted complaints about phishing kit purchases directly on his profile.
Records obtained from Google showed that Belmili used his personal email account to search for financial institution logos, hacking tools, and methods for generating fake identities and credit card numbers. The same account received approximately 1,400 emails containing victims’ stolen personal information from active phishing kits targeting American Express, Bank of America, Cash App, JP Morgan Chase, PayPal, and Wells Fargo.
Investigators also found that Belmili had built hidden backdoors into phishing kits he sold to other criminals, allowing him to continue harvesting victim data even after the kits changed hands.
Records from cryptocurrency exchange Binance showed approximately $900,000 deposited into an account registered to Belmili between Jan. 2020 and Jan. 2023. Of that amount, roughly $760,000 was transferred to other accounts or converted into other forms of cryptocurrency, while approximately $41,000 was withdrawn from ATMs.
In total, investigators identified approximately 595 distinct phishing kits created by Belmili. Analysis of victim data exported to Telegram pages and email accounts linked to the operation identified roughly 5,600 victims in the United States and internationally.
“This defendant thought that he could get away with defrauding thousands of victims out of hundreds of thousands of dollars by using fake names and hiding behind a keyboard to steal bank account and credit card numbers,” said U.S. Attorney Michael DiGiacomo in a release. “This arrest makes clear that, regardless of where you operate, our law enforcement partners will find you – and when they do, you will face the full consequences of your actions.”
The post Algerian man charged with running two cybercrime marketplaces appeared first on CyberScoop.
26-year-old Abdellah Belmili faces up to 30 years in prison for allegedly operating the marketplaces Market0Day and Spoxy.
The post Algerian Man Extradited to US for Running Cybercrime Marketplaces appeared first on SecurityWeek.
Using a custom sniffer, the threat actor has captured over 110 million credentials since at least February 2026.
The post Russian Initial Access Broker Behind FortiBleed Campaign appeared first on SecurityWeek.