Amazon Canada and the National Hockey League Players’ Association (NHLPA) today announced an expansion of their ongoing partnership, with Amazon committing more than $1 million CAD to local community organizations in 32 North American cities during the 2026–2027 hockey season.
The partnership reflects Amazon’s broader commitment to supporting the communities it serves, and where its employees live and work. Since launching in 2024, the partnership with the NHLPA has focused on delivering local impact by working closely with players and community organizations across Canada and, more recently, the United States.
As the first event of the expanded partnership, Amazon and the NHLPA are kicking off in Ottawa, where three local organizations with connections to NHLPA Goals & Dreams will each receive a $25,000 CAD donation to support their work making hockey more accessible and inclusive: Ottawa Power Wheelchair Hockey League, Canadian Blind Hockey Association, and Next Shift Canada.
Through the 2025–2026 NHL season, the partnership delivered more than $60,000 CAD in donations in Canada and more than $230,000 USD in the U.S., with organizations already seeing the impact–from expanding facilities to increasing access to critical community programs.
As part of the expanded partnership, NHL players will visit Amazon facilities in all 32 cities throughout the 2026–2027 NHL season, connecting with employees and presenting donations to local organizations making a meaningful impact in their communities.
High-Severity Flaw in Amazon Q Enabled Credential Theft via Malicious Repositories
Posted in Commentary with tags Amazon on June 27, 2026 by itnerdResearchers have uncovered a high-severity vulnerability in Amazon Q Developer Extension for Visual Studio Code (VS Code), which allowed attackers to achieve arbitrary code execution and cloud credential theft by having a developer open a malicious repository. Amazon Q automatically loaded MCP server configurations from workspace files without user consent. Combined with full environment inheritance, this enabled immediate code execution.
Rohit Valia, CEO of cybersecurity company Tumeryk, provided the following comments:
“The Amazon Q vulnerability shows us why AI coding assistants are now a legitimate attack surface. Organizations need to treat every AI tool with environment access as a potential credential exfiltration path. They need to ensure there are AI guardrails to block access for every AI tool use unless it is an approved action with real-time Risk Scoring of the prompts and responses for continuous observability.”
AI is all over the place. Most notably it is used by developers to develop code. This needs to get a whole lot safer whether by design, forced up by the companies, or government themselves.
Leave a comment »