Critical AWS CodeBuild Vulnerability and Recent Cybersecurity Threats Uncovered

The Whiz team discovered a vulnerability in AWS CodeBuild that allowed control over critical AWS libraries. The issue stemmed from malformed regex filters in the actor ID filter, enabling any GitHub ID containing approved values to be accepted. By strategically creating GitHub accounts with specific numeric IDs (around 200,000 new IDs generated daily), they infiltrated the AWS-SDK-js-v3 repository and obtained a GitHub personal access token with full admin privileges. AWS resolved the issue within 48 hours. Additionally, N8N was affected by four critical CVEs (two with a CVSS score of 9.9 and two with 10) over two weeks. A malicious npm campaign targeted N8N users via fake Google Ads integration nodes exfiltrating OAuth credentials. Mandiant released rainbow tables to crack NetNTLMv1 hashes, a protocol proven insecure since 1999. Node.js issued a mitigation for CVE-2025-59466 (CVSS 7.5) related to async hooks causing stack overflows. Checkpoint also uncovered a new Linux malware framework linked to China.