TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Security researchers at Wiz discovered a critical vulnerability in AWS CodeBuild that could have enabled complete takeover of AWS GitHub repositories and affected every AWS environment globally. The flaw, dubbed CodeBreach, stemmed from unanchored regex patterns in webhook filters that were supposed to protect against untrusted pull requests. By exploiting this misconfiguration, researchers gained admin-level access to AWS SDK repositories and could have injected malicious code affecting 66% of cloud environments. AWS fixed the issue within 48 hours of disclosure in August 2025, preventing what could have been a supply chain attack larger than SolarWinds. The vulnerability highlights a broader blind spot in CI/CD security affecting all major cloud providers.

A simple CodeBuild flaw put every AWS environment at risk