Find notable cyber news and cases, enriched with sources, timelines, and signals.

AWS CodeBuild ACTOR_ID regex bypass security flaw

Vulnerability
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

AWS CodeBuild's ACTOR_ID regex filters were misconfigured, allowing a build-trigger bypass that could expose privileged GitHub tokens and enable repository takeover. The flaw affected AWS-managed repositories including aws-sdk-js-v3, aws-lc, amazon-corretto-crypto-provider, and awslabs/open-data-registry. Attackers who obtained a predictable actor ID could push malicious code, approve pull requests, and create supply-chain attack risk across AWS environments. AWS said it fixed the issue in September 2025 after responsible disclosure on August 25, 2025, and reported no evidence of exploitation in the wild.

Related Happenings

Amazon Q Developer MCP trust flaw (CVE-2026-12957)

Vulnerability
H score32 First: 26.06.2026 16:53 Last: 26.06.2026 16:53 Sources 1

About this happening: **Amazon Q Developer** had a **high-severity** trust-boundary flaw in **MCP server** handling that could let a malicious repository trigger commands on a developer machine and ste...

AWS Continuum launches AI-powered vulnerability management lifecycle platform

Security Tool/Service
H score14 First: 19.06.2026 14:00 Last: 19.06.2026 14:00 Sources 1

About this happening: **AWS Continuum** launched in **gated preview** as a new **AI-powered vulnerability management platform** for AWS environments, expanding security teams’ ability to manage code fl...

Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw

Vulnerability
H score1 First: 16.06.2026 22:05 Last: 16.06.2026 22:05 Sources 1

About this happening: **Google Cloud Vertex AI SDK for Python** had a **predictable temporary bucket** flaw that let an attacker hijack model uploads and reach **code execution** inside Google's servin...

CISA contractor GitHub repository exposed internal credentials

Data Leak
H score28 First: 18.05.2026 23:48 Last: 18.05.2026 23:48 Sources 1

About this happening: A **CISA contractor** left a public **GitHub repository** exposing **AWS GovCloud credentials** and internal access material, creating a serious **data leak** involving sensitive...

Latest development: 22.05.2026 19:34

On May 19, Sen. Maggie Hassan and Rep. Bennie Thompson, with Rep. Delia Ramirez co-signing Thompson’s letter, sent separate letters to CISA demanding answers about the Private-CISA GitHub leak and warning that the credential exposure raised serious concerns about CISA’s internal policies, contract support, and security culture.

GitHub git push RCE (CVE-2026-3854)

Vulnerability
H score27 First: 29.04.2026 15:41 Last: 29.04.2026 15:41 Sources 1

About this happening: GitHub patched **CVE-2026-3854**, a critical **remote code execution** flaw affecting **GitHub.com** and **GitHub Enterprise Server** that could expose **millions of private repos...

Timeline

  1. 15.01.2026 21:31 1 articles · 5mo ago

    Responsible disclosure of CodeBreach in AWS CodeBuild

    Initial Disclosure

    Cloud security researchers disclosed that AWS CodeBuild webhook actor-ID regex filters for AWS-managed GitHub repositories were missing the ^ and $ anchors, allowing a superstring GitHub user ID to bypass trust checks and trigger privileged builds that could expose GitHub admin tokens and enable repository takeover.

    Show sources
  2. 15.01.2026 21:31 2 articles · 5mo ago

    AWS remediates CodeBreach and adds build-process mitigations

    Mitigation Patch Update

    AWS said it fixed the CodeBreach misconfiguration, rotated credentials, and added build-process mitigations for GitHub tokens in memory while stating it found no evidence of in-the-wild exploitation; AWS also recommended anchored regex patterns, the Pull Request Comment Approval build gate, CodeBuild-hosted runners, and least-privilege PATs.

    Show sources