BeyondMachines :verified:<p>Amazon Q developer extension for VS Code compromised, used to plant wiping commands</p><p>A malicious actor successfully infiltrated AWS's supply chain between July 13-19, 2025, injecting destructive code into the widely-used Amazon Q Developer Extension for Visual Studio Code (version 1.84.0) that would have instructed the AI assistant to systematically delete user data and cloud infrastructure. This supply chain attack, which potentially exposed tens of thousands of developers during the two-day distribution window, shows a new cybersecurity threat vector in which AI prompt injection can be weaponized at the system level through compromised development tools.</p><p>**Be very careful (and ideally DON'T USE) AI assistants. The AI source code ecosystem is far from stable, and the race to deploy more features causes a lot of problems and vulnerabilities that you are bringing to your own systems. If you use the Amazon Q Developer Extension for VS Code, immediately check your version and update to the latest version (1.85.0 or newer).**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/amazon-q-developer-extension-for-vs-code-compromised-j-1-q-e-p/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">beyondmachines.net/event_detai</span><span class="invisible">ls/amazon-q-developer-extension-for-vs-code-compromised-j-1-q-e-p/gD2P6Ple2L</span></a></p>