**Risky Business #821: Wiz Researchers Uncover AWS CodeBuild Flaw that Could Have Exposed Every Customer**

A recent discovery by Wiz researchers has shed light on a critical flaw in Amazon Web Services' (AWS) CodeBuild, a service that automates the build process for software applications. The vulnerability, if exploited, could have allowed attackers to gain unauthorized access to every AWS customer's build environment.

The finding comes as cybersecurity experts continue to sound the alarm about the increasing sophistication of cyber threats. In recent weeks, we've seen a spate of high-profile attacks targeting major organizations and government agencies. From the devastating ransomware attack on Colonial Pipeline to the daring operation to extract Venezuelan President Maduro from Venezuela, it's clear that nation-state actors are pushing the boundaries of what's possible in cyberspace.

According to Wiz researchers, the flaw in AWS CodeBuild was discovered through a combination of manual testing and automated scanning. The vulnerability allowed attackers to gain elevated privileges and access sensitive information, including build logs and source code. If exploited, this could have enabled a range of malicious activities, from data exfiltration to code modification.

While AWS has since patched the vulnerability, the incident serves as a stark reminder of the risks associated with cloud computing. As more organizations shift their operations to the cloud, they must be aware of the potential for vulnerabilities and take proactive steps to mitigate them.

**A Glimpse into the World of Advanced Cyber Threats**

Meanwhile, researchers at Check Point have identified a new Linux malware that's "far more advanced than typical" in its capabilities. The malware, dubbed VoidLink, uses AI-generated code to evade detection and compromise network devices. This development marks a significant escalation in the cat-and-mouse game between threat actors and security vendors.

Furthermore, researchers at Check Point have discovered evidence that suggests the era of advanced AI-generated malware has begun. With VoidLink, we're witnessing a new level of sophistication in cyber threats, one that requires us to rethink our approach to detection and prevention.

**Other Developments in Cybersecurity**

* **Critical Flaw in Fortinet FortiSIEM**: A critical flaw in Fortinet's FortiSIEM has been targeted by threat actors. The vulnerability, CVE-2025-64155, allows attackers to gain unauthorized access to sensitive information. * **Windows 11 Shutdown Bug**: Microsoft is facing damage control after a bug was discovered that causes Windows 11 devices to shut down unexpectedly. * **Jordanian Initial Access Broker Pleads Guilty**: A Jordanian national has pleaded guilty to helping target over 50 companies with initial access attacks.

**Conclusion**

As we navigate the complex landscape of cybersecurity, it's essential to remain vigilant and adapt to emerging threats. The discoveries by Wiz researchers and Check Point serve as a reminder that even the most sophisticated security measures can be breached. By staying informed and proactive, we can better protect ourselves against the risks associated with cloud computing and advanced cyber threats.