A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'

A critical misconfiguration in AWS's CodeBuild service allowed complete takeover of the cloud provider's own GitHub ...
Cryptopolitan on MSN

DeFi protocol Morpho shuts down Discord amid rampant scams on public channels

The Morpho decentralized lending protocol has announced its Discord channel will change to a “read-only” mode, joining ...
Techzine Europe

CodeBreach enables takeover of AWS GitHub repositories

Wiz discovered a critical vulnerability in AWS CodeBuild that allowed attackers to access core AWS repositories, including ...
InfoWorld

Possible software supply chain attack through AWS CodeBuild service blunted

Wiz researchers investigated and found the core of the flaw, a threat actor ID bypass due to unanchored regexes, and notified ...
GovInfoSecurity

Cryptohack Roundup: UK Crypto Firms Tied to Iran Sanctions

This week, U.K. crypto exchanges linked to Iranian sanctions evasion, NodeCordRAT malware spread via npm, an FBI alert on ...
CSO Online

Researchers warn of long‑running FortiSIEM root exploit vector as new CVE emerges

The latest phMonitor vulnerability continues a multiyear pattern of unauthenticated command‑injection flaws in Fortinet’s ...