
A subtle flaw, a massive blast radius.
From Research Saturday by N2K Networks
March 21, 2026 · 17 min · Season 10 · Episode 417
About this episode
Yuval Avrahami discusses a critical supply chain vulnerability in AWS CodeBuild that allows attackers to hijack GitHub repositories.
Yuval Avrahami from Wiz joins to share their work on "CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild." Wiz Research uncovered “CodeBreach,” a critical supply chain vulnerability caused by a subtle misconfiguration in AWS CodeBuild pipelines that allowed attackers to take over key GitHub repositories, including the widely used AWS JavaScript SDK that powers the AWS Console. By exploiting an unanchored regex filter, unauthenticated attackers could trigger privileged builds, steal credentials, and potentially inject malicious code into software used across a majority of cloud environments. AWS has since remediated the issue and introduced stronger safeguards, but the incident highlights a growing trend of attackers targeting CI/CD pipelines where small misconfigurations can lead to massive downstream impact. The research can be found here: CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild Learn more about your ad choices. Visit megaphone.fm/adchoices
People in this episode
Guest: Yuval Avrahami
Topics covered
- AWS vulnerabilities
- supply chain security
- CodeBuild
- CI/CD pipelines
- cloud security
Keywords
- CodeBreach
- AWS CodeBuild
- supply chain vulnerability
- GitHub repositories
- cloud environments
- misconfiguration
- CI/CD pipelines
Mentioned in this episode
Organizations: Wiz, AWS
Products: AWS JavaScript SDK
Books & works: CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
More episodes of Research Saturday
- The skills pay the bills. · May 30, 2026 · 24 min
- Ghosted by Grafana · May 23, 2026 · 26 min
- Scam papers served. · May 16, 2026 · 27 min
- The spy who logged me in. · May 9, 2026 · 24 min
- Double-edged threat. · May 2, 2026 · 31 min
- A QRazy clever scam. · April 25, 2026 · 19 min
Explore listener stats, chart rankings, contacts and more on the Research Saturday podcast page.