The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories before fixes in Sep 2025.

Critical AWS supply chain vulnerability could have let hackers take over key GitHub repositories

The vulnerability was spotted in August 2025, so users should patch now.
Infosecurity-magazine.com

CodeBuild Flaw Put AWS Console Supply Chain At Risk

A critical misconfiguration in AWS CodeBuild has allowed attackers to seize control of core AWS GitHub repositories, including the JavaScript SDK that underpins the AWS Console. The issue, dubbed ...
InfoWorld

Possible software supply chain attack through AWS CodeBuild service blunted

An AWS misconfiguration in its code building service could have led to a massive number of compromised key AWS GitHub code repositories and applications, say researchers at Wiz who discovered the ...
ITmedia

GitHubが先行し、GitLab・Google Cloud・AWSが追いかける ガートナーが主要 ...

この記事は新野淳一氏のブログ「Publickey」に掲載された「主要なAIコードアシスト機能の比較。GitHubが先行し、GitLab/Google Cloud/AWSが追いかける。ガートナーがマジッククアドラントを発表」(2024年9月11日掲載)を、ITmedia NEWS編集部で一部編集し、転載した ...