CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
ID: 6fa03150-5905-580e-b248-1d4b09ee89fc
STIX ID: report--6fa03150-5905-580e-b248-1d4b09ee89fc
Feed Name: Wiz Blog
Wiz Research disclosed 'CodeBreach', a critical vulnerability in AWS CodeBuild caused by unanchored ACTOR_ID regex filters. Because the filter matched anywhere in the field rather than against the whole value, attackers could register GitHub bot accounts whose numeric IDs contained a trusted maintainer's ID as a substring, bypass build gating, and trigger CI runs on malicious pull requests. In a proof-of-concept the researchers triggered a build, dumped process memory to steal a GitHub PAT with admin privileges, and took over the aws-sdk-js-v3 repository, demonstrating a high-impact supply-chain risk; AWS quickly mitigated the issue and implemented additional hardening.
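As an added illustration (not code from the Wiz report, AWS, or CodeBuild itself), the filter defect described above in Python: a substring regex match on the actor ID beside the anchored full-match check that closes it. The numeric IDs, the event shapes and the `actor_id` field name are constructed assumptions for this example.

```python
import re

# Constructed sample values (not from the report): one trusted maintainer ID
# and a lookalike bot account whose ID merely contains it as a substring.
TRUSTED_MAINTAINER_IDS = ["123456"]
LOOKALIKE_BOT_ID = "9123456789"

# Constructed webhook events: a maintainer PR, a lookalike PR, a lookalike push.
SAMPLE_EVENTS = [
    {"event": "PULL_REQUEST_CREATED", "actor_id": "123456"},
    {"event": "PULL_REQUEST_CREATED", "actor_id": LOOKALIKE_BOT_ID},
    {"event": "PUSH", "actor_id": LOOKALIKE_BOT_ID},
]


def unanchored_filter_allows(actor_id: str, trusted_ids) -> bool:
    """Weak filter: bare numeric pattern, matched anywhere in the field.
    re.search succeeds on any ID that *contains* a trusted ID."""
    pattern = "|".join(trusted_ids)
    return re.search(pattern, actor_id) is not None


def anchored_filter_allows(actor_id: str, trusted_ids) -> bool:
    """Hardened filter: the whole field must equal one trusted ID.

    Two details matter: reject non-integer strings up front, and use
    re.fullmatch so the alternation is implicitly grouped. A hand-written
    "^a|b$" would anchor only the first and last alternatives."""
    if not actor_id.isdigit():
        return False
    pattern = "|".join(re.escape(t) for t in trusted_ids)
    return re.fullmatch(pattern, actor_id) is not None


def events_that_trigger(events, allow) -> list:
    """Return actor IDs whose pull-request events pass the given filter,
    i.e. the PRs that would start a CI build under that filter."""
    return [
        e["actor_id"]
        for e in events
        if e["event"] == "PULL_REQUEST_CREATED"
        and allow(e["actor_id"], TRUSTED_MAINTAINER_IDS)
    ]


if __name__ == "__main__":
    print("unanchored:", events_that_trigger(SAMPLE_EVENTS, unanchored_filter_allows))
    print("anchored:  ", events_that_trigger(SAMPLE_EVENTS, anchored_filter_allows))
```

Under the unanchored filter the lookalike account's pull request starts a build; under the anchored filter only the maintainer's does.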
