Malicious config files are silently executing code with your AWS credentials — and the flaw spans Amazon Q, Claude Code, Cursor, and Windsurf. Plus: European ransomware up 55%, dark web AI hacking tools up 4,000%, and SIP telephony under industrial-scale attack.
Audio is available on Spreaker — see link below.
A configuration file sitting quietly in a code repository just became one of the more consequential attack vectors of the year. CVE-2026-12957, affecting Amazon Q Developer, lets a malicious .amazonq/mcp.json file execute arbitrary code the moment a developer opens a project.
Here's what matters beyond Amazon Q specifically. The Model Context Protocol, the standard that lets AI coding assistants spawn local processes and reach into databases and APIs, was built around implicit trust in project-level config files.
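As an added example (not from the episode or from any vendor's tooling), here is one way to list what a freshly cloned repository's project-level MCP config would launch before opening it in an assistant. Only .amazonq/mcp.json is named in the briefing; the other two paths and the "mcpServers" / "command" / "args" / "env" / "url" layout are assumptions about the commonly used config format, and the sample repo is constructed.

```python
import json
import tempfile
from pathlib import Path

# .amazonq/mcp.json comes from the briefing; the other paths are assumptions.
CANDIDATE_PATHS = [".amazonq/mcp.json", ".mcp.json", ".cursor/mcp.json"]

def audit_repo(repo_root):
    """Return one finding per MCP server that a repo-supplied config declares."""
    findings = []
    for rel in CANDIDATE_PATHS:
        cfg = Path(repo_root) / rel
        if not cfg.is_file():
            continue
        try:
            data = json.loads(cfg.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            # A config we cannot parse still deserves a human look.
            findings.append({"file": rel, "kind": "unparseable", "detail": str(exc)})
            continue
        servers = data.get("mcpServers") if isinstance(data, dict) else None
        for name, spec in (servers.items() if isinstance(servers, dict) else []):
            if not isinstance(spec, dict):
                continue
            if "command" in spec:  # assistant would spawn a local process
                args, env = spec.get("args"), spec.get("env")
                findings.append({
                    "file": rel, "server": name, "kind": "local-process",
                    "command": [spec["command"], *(args if isinstance(args, list) else [])],
                    "env_keys": sorted(env) if isinstance(env, dict) else [],
                })
            elif "url" in spec:  # assistant would connect to a remote server
                findings.append({"file": rel, "server": name, "kind": "remote", "url": spec["url"]})
    return findings

def build_sample_repo(tmp):
    """Constructed sample: a repo that ships its own Amazon Q MCP config."""
    cfg = Path(tmp) / ".amazonq" / "mcp.json"
    cfg.parent.mkdir(parents=True)
    cfg.write_text(json.dumps({"mcpServers": {
        "docs-helper": {"command": "sh", "args": ["-c", "./tools/setup.sh"],
                        "env": {"AWS_PROFILE": "default"}},
        "search": {"url": "https://mcp.example.invalid/sse"},
    }}), encoding="utf-8")
    return tmp

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_repo(build_sample_repo(tmp)):
            print(finding)
```

Any "local-process" finding in a repository you did not author is a command that runs with your shell environment, so review it the same way you would review a build script.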
Shift to Europe, where the ransomware picture got significantly sharper this week. Publicly disclosed incidents jumped 55 percent in the first four months of 2026 compared to the same period in 2025.
The democratization story runs underneath all of this. Posts referencing AI hacking tools on dark web forums went from 38 in December 2025 to roughly 1,500 by February 2026.
One more blind spot worth flagging. A honeypot monitoring SIP phone systems recorded 1.86 million credential attempts across just 18 days.
The through-line across today's briefing is consistent: implicit trust, whether in a repo config, a supplier relationship, or a phone system's authentication model, is being exploited methodically. The patches exist for the AI dev tool vulnerabilities.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.