Kaspersky details StrikeShark, a likely Chinese-speaking campaign using SharkLoader, public CVE exploits, and droppers to deploy Cobalt Strike.
Get the latest international news and world events from around the world.
Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs
A high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer’s cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it.
Tracked as CVE-2026–12957 (CVSS 8.5), the bug sat in how Amazon’s AI coding assistant handled Model Context Protocol (MCP) servers.
Wiz Research, which found and reported it, showed that a single config file dropped in a repo was enough to go from git clone to cloud compromise.
Epidemiology of cardiovascular–kidney–metabolic syndrome
The cardiovascular–kidney–metabolic (CKM) syndrome paradigm is aimed at reflecting the complex interactions between chronic kidney disease, cardiovascular disease and metabolic dysfunction. Here, the authors discuss current CKM syndrome epidemiological data, examine key determinants of CKM health and consider the potential clinical implications and limitations of the CKM syndrome framework.