A critical misconfiguration in AWS CodeBuild has allowed attackers to seize control of core AWS GitHub repositories, including the JavaScript SDK that underpins the AWS Console.
A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories before fixes in Sep 2025.
The Register on MSN
A simple CodeBuild flaw put every AWS environment at risk – and pwned the central nervous system of the cloud
And it's 'not unique to AWS,' researcher tells The Reg A critical misconfiguration in AWS's CodeBuild service allowed ...
Wiz researchers investigated and found the core of the flaw, a threat actor ID bypass due to unanchored regexes, and notified AWS. Within 48 hours, that hole was plugged, AWS said in a statement ...
AWS has published further details of an incident involving one of its artificial intelligence development tools, which saw an unknown threat actor inject a malicious prompt into a source code ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results