Cybernews

AWS dodges massive cyber disaster: every account was in danger

Wiz Research discovered and responsibly disclosed a critical vulnerability in AWS CodeBuild that could have led to a massive platform-wide compromise.
InfoWorld

Possible software supply chain attack through AWS CodeBuild service blunted

Wiz researchers investigated and found the core of the flaw, a threat actor ID bypass due to unanchored regexes, and notified ...
InfoWorld

Gleam update shines on external types

Type-safe language for the Erlang VM and JavaScript runtimes now supports external annotations for external types.
The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...