CyberWire Daily

A subtle flaw, a massive blast radius. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Tech News, News, Daily News, Technology

4.8 · 1.1K Ratings

🗓️ 21 March 2026

⏱️ 18 minutes


Summary

Yuval Avrahami from Wiz joins to share their work on "CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild." Wiz Research uncovered "CodeBreach," a critical supply chain vulnerability caused by a subtle misconfiguration in AWS CodeBuild pipelines that allowed attackers to take over key GitHub repositories, including the widely used AWS JavaScript SDK that powers the AWS Console. By exploiting an unanchored regex filter, unauthenticated attackers could trigger privileged builds, steal credentials, and potentially inject malicious code into software used across a majority of cloud environments. AWS has since remediated the issue and introduced stronger safeguards, but the incident highlights a growing trend of attackers targeting CI/CD pipelines, where small misconfigurations can lead to massive downstream impact. The research can be found here: CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
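The summary's central point is that a regex filter which is not anchored matches a trusted value anywhere inside an untrusted one. The following is an added example, not code from Wiz, AWS, or the podcast: it models a webhook-style filter that compares a regex pattern against an event field, shows why a bare pattern is a substring match while an anchored pattern is an exact match, and includes a small audit function a defender can run over filter definitions to flag patterns that are not pinned at both ends. The field name, the trusted identifier, and the event values are all constructed for illustration.

```python
import re

# Constructed values for illustration only; not the real identifiers from the Wiz research.
TRUSTED_ACTOR_ID = "123456"

# The weak configuration: a bare identifier used as a regex. Because search-style
# matching succeeds anywhere in the input, any value that merely CONTAINS the
# trusted identifier passes the filter.
WEAK_FILTER = {"type": "ACTOR_ACCOUNT_ID", "pattern": TRUSTED_ACTOR_ID}

# The hardened configuration: the same identifier escaped and anchored at both ends,
# so only the exact value matches.
STRICT_FILTER = {
    "type": "ACTOR_ACCOUNT_ID",
    "pattern": rf"^{re.escape(TRUSTED_ACTOR_ID)}$",
}


def filter_matches(filter_spec: dict, event_value: str) -> bool:
    """Evaluate a filter the way a search-style regex engine does (hypothetical model).

    re.search succeeds if the pattern matches anywhere in the value, so the pattern
    itself must carry the anchors to force an exact comparison.
    """
    return re.search(filter_spec["pattern"], event_value) is not None


def is_anchored(pattern: str) -> bool:
    """Heuristic lint check: does the pattern pin both the start and the end of the value?

    Accepts ^ or \\A at the start and $ or \\Z at the end. It does not try to parse
    alternations such as ^a|b$, which would still leave one branch unanchored, so
    treat a True result as "probably fine" and a False result as "definitely review".
    """
    starts = pattern.startswith("^") or pattern.startswith(r"\A")
    ends = pattern.endswith("$") or pattern.endswith(r"\Z")
    return starts and ends


def audit_filters(filters: list) -> list:
    """Return the patterns from a list of filter definitions that are not anchored on both ends."""
    return [f["pattern"] for f in filters if not is_anchored(f["pattern"])]


if __name__ == "__main__":
    # Constructed event values: the trusted ID, and an unrelated ID that happens
    # to contain the trusted ID as a substring.
    for value in (TRUSTED_ACTOR_ID, "9" + TRUSTED_ACTOR_ID + "7"):
        print(f"{value}: weak={filter_matches(WEAK_FILTER, value)} "
              f"strict={filter_matches(STRICT_FILTER, value)}")
    print("unanchored patterns:", audit_filters([WEAK_FILTER, STRICT_FILTER]))
```

Two design notes: the identifier is passed through re.escape before anchoring so that characters with regex meaning cannot widen the match, and where the evaluating engine exposes a full-match primitive (Python's re.fullmatch, for instance) it is preferable to relying on `$`, which in several engines also matches just before a trailing newline.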

Transcript


0:00.0

You're listening to the Cyberwire Network, powered by N2K.

0:10.2

Ever wished you could rebuild your network from scratch to make it more secure, scalable, and simple?

0:18.7

Meet Meter, the company reimagining enterprise networking from the ground up.

0:23.7

Meter builds full-stack, zero-trust networks, including hardware, firmware, and software,

0:29.6

all designed to work seamlessly together. The result? Fast, reliable, and secure connectivity

0:35.7

without the constant patching, vendor juggling, or hidden costs.

0:40.4

From wired and wireless to routing, switching, firewalls, DNS security, and VPN,

0:46.3

every layer is integrated and continuously protected in one unified platform.

0:51.4

And since it's delivered as one predictable monthly service, you skip the

0:55.9

heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to

1:02.0

make switching effortless. Transform complexity into simplicity and give your team time to focus on what

1:08.7

really matters, helping your business and customers thrive.

1:12.7

Learn more and book your demo at meter.com slash cyberwire.

1:17.7

That's M-E-T-E-R dot com slash Cyberwire. Hello, everyone, and welcome to the CyberWire's Research Saturday.

1:39.1

I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities,

1:47.1

solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.

1:52.9

Thanks for joining us.

1:59.7

What actually brought it to our attention was an actual threat actor that managed to take over an AWS GitHub repository using another CodeBuild issue.

2:11.6

We saw this and we thought it's pretty insane that it's possible to do something like that, and that's what originally led us to look in this direction. That's Yuval Avrahami,

2:22.3

vulnerability researcher at Wiz. The research we're discussing today is titled "CodeBreach:

2:28.3

Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild."

2:41.0

Well, before we dig into CodeBreach itself, could you explain to us how AWS CodeBuild is normally used and what makes it an attractive target?

...


Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
