July 24, 2025 // Vulnerability | #Supply Chain Attack #Prompt Injection #Amazon Q

Hacker inserts destructive code in Amazon Q tool as update goes live - csoonline.com

A hacker injected destructive system commands into Amazon's Visual Studio Code extension for Amazon Q through a compromised GitHub repository, and the altered code was distributed in an official update. The supply chain attack exploited a lack of stringent vetting and used prompt injection to redefine the AI agent's behavior at runtime, with the aim of erasing user data and cloud resources.


Source: Original Report