Do you care about this?
Security researchers identified a major flaw in the AWS Console that could have allowed attackers to seize control of key GitHub repositories, potentially leading to widespread supply chain attacks. The vulnerability, linked to a misconfiguration in AWS CodeBuild CI pipelines, has been addressed by AWS following its disclosure in August 2025. Users are advised to implement certain security measures to mitigate risks.
If you do, here's more
A critical vulnerability in the AWS Console, identified by Wiz researchers, could have led to a significant supply chain attack. Named CodeBreach, this flaw had the potential to allow attackers to seize control of core AWS GitHub repositories, particularly the AWS JavaScript SDK. This SDK is widely used, installed in about two-thirds of cloud environments, so the potential impact was substantial. The vulnerability stemmed from a minor error in regex filters within AWS CodeBuild CI pipelines, where just two missing characters opened a door for unauthenticated attackers to compromise the build environment.
Wiz disclosed the issue to AWS in August 2025, prompting immediate remediation efforts. AWS implemented a Pull Request Comment Approval build gate, which helps organizations block untrusted builds. Although AWS confirmed that no customer environments had been compromised, they took steps like credential rotations and audits of other AWS-managed repositories to address potential future threats. The investigation into this vulnerability was spurred by a previous attempted supply chain attack on the Amazon Q VS Code extension, which highlighted similar risks.
Experts point out that the discovery of CodeBreach highlights a troubling trend in supply chain security. Janet Worthington from Forrester emphasized that overlooked pipeline logic can create significant vulnerabilities, allowing attackers to bypass traditional defenses like credential protection. Wiz researchers recommend that users take proactive measures, including creating unique personal access tokens for each CodeBuild project and enabling the Pull Request Comment Approval build gate. This situation underscores the necessity for vigilance in managing build environments and securing code repositories.
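The two findings above, a regex trust filter that fails open and an approval gate that closes the gap, are easier to reason about in code. The following is an added illustration, not Wiz's or AWS's code: it models a CI filter that is meant to admit only trusted actors, and assumes (the article does not say) that the missing characters were the `^` and `$` anchors. The actor names and the gate logic are constructed for the example.

```python
import re
from typing import Optional

# Constructed trust list for the example; not real AWS account names.
TRUSTED_ACTORS = ("aws-sdk-maintainer", "aws-release-bot")

# Assumption: the two missing characters are the ^ and $ anchors. Without
# them, re.search() accepts any actor name that merely CONTAINS a trusted name.
ALTERNATION = "|".join(re.escape(a) for a in TRUSTED_ACTORS)
LOOSE_PATTERN = ALTERNATION                # weak: substring match, fails open
STRICT_PATTERN = f"^(?:{ALTERNATION})$"    # corrected: whole-string match only


def actor_matches(actor: str, pattern: str) -> bool:
    """True if the regex filter accepts this actor name."""
    return re.search(pattern, actor) is not None


def pattern_is_anchored(pattern: str) -> bool:
    """Lint check for a filter regex: it must pin both ends of the string and
    wrap any top-level alternation in a group, otherwise '^a|b$' still fails
    open on the 'b' branch."""
    if not (pattern.startswith("^") and pattern.endswith("$")):
        return False
    body = pattern[1:-1]
    depth = 0
    for ch in body:
        depth += (ch == "(") - (ch == ")")
        if ch == "|" and depth == 0:
            return False
    return True


def build_may_run(actor: str, approval_comment_by: Optional[str],
                  pattern: str = STRICT_PATTERN) -> bool:
    """Model of a pull-request comment approval gate: a build with secrets
    runs only for a trusted author, or after a trusted maintainer comments
    approval on the PR. The gate inherits the filter's weakness if the
    loose pattern is used, so the regex fix and the gate go together."""
    if actor_matches(actor, pattern):
        return True
    return approval_comment_by is not None and actor_matches(approval_comment_by, pattern)
```

Run with the loose pattern, an actor such as `aws-release-bot-fan` passes the filter; with the anchored pattern only the exact trusted names do, and an outside contributor's build runs only once a trusted maintainer has commented approval.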