AWS CodeBuild is a technology platform tracked across 4 threat clusters and 4 intelligence report mentions on ThreatCluster. First observed December 2, 2025; most recent activity January 25, 2026.
AWS CodeBuild is AWS's managed continuous integration/continuous deployment (CI/CD) service that builds and tests code in cloud-based containers. It plays a central role in many software supply chains, so compromises or abuse of CodeBuild environments can enable malicious artifacts, credential exposure, or leakage within automated build and deployment pipelines—making it a notable target in cybersecurity.
A critical vulnerability known as CodeBreach was identified in the AWS Console, allowing potential attackers to take control of core AWS GitHub repositories, including the AWS JavaScript SDK. This misconfiguration in…
A critical misconfiguration in AWS CodeBuild allowed unauthenticated attackers to gain control of AWS-owned GitHub repositories, including the AWS JavaScript SDK. This supply chain vulnerability posed a risk of…
AWS has acknowledged a critical vulnerability, dubbed CodeBreach, affecting some of its open-source GitHub repositories. This flaw, identified by Wiz Security's research team, could have allowed the introduction of…
A new wave of the Shai-Hulud malware has compromised nearly 500 npm packages, affecting over 26,000 GitHub repositories. This self-replicating worm, which targets developers' credentials and secrets, has been linked to…