AWS CodeBuild Misconfiguration Exposed Admin Access

Hey there,

Happy Friday🥳!

Before you wrap the week, here’s a quick drop of things worth checking out.

📰Top Picks:

Three Moves Every CISO Must Make in 2026
Operational downtime is often the most expensive consequence of a cyberattack. See how CISOs can reduce dwell time, cut analyst noise, and close the gap between detection and response to keep operations running. Read more.

AWS CodeBuild Webhook Misconfiguration Exposed Admin Access Risk
A small regex misconfiguration in CodeBuild webhooks could have let attackers push code into several AWS-managed GitHub repositories. No exploitation was found, but it’s a sharp reminder that CI/CD security often fails at the configuration layer. Read more.

GitHub Copilot Gets Custom Agents for .NET Developers
Microsoft and GitHub introduced C# Expert and WinForms Expert agents to guide Copilot with modern best practices and safer UI development. It’s a move toward more specialized, repo-aware AI helpers instead of one-size-fits-all coding assistants. Read more.

Java Devs Want Someone Else to Handle Container Security
Nearly half of Java developers say they would rather rely on hardened container images than manage container security themselves. The gap between security priorities and real-world tooling is still wide. Read more.

Claude Code Adds Built-In Security Reviews
Anthropic introduced a terminal command and GitHub Action that scan code for vulnerabilities before it reaches production. It’s another step toward making security a default part of AI-assisted development. Read more.

Ingress NGINX Is Being Retired. Half of Kubernetes Users Are at Risk
Ingress NGINX will stop receiving bug fixes and security patches in March 2026. If your clusters rely on it, migration planning can’t wait, because there are no drop-in replacements and the risk of staying put is real. Read more.

Malicious Chrome Extensions Are Stealing Affiliate Revenue and ChatGPT Tokens
Researchers found dozens of Chrome extensions quietly hijacking affiliate links, exfiltrating data, and even stealing ChatGPT authentication tokens. It’s another reminder that browser extensions have become a serious enterprise attack surface. Read more.

Open-Source Coding Agents Just Got Accessible
Ai2’s new open-source SERA models let teams train coding agents on their own codebases for a few hundred dollars. It’s a big shift toward cheaper, customizable, repository-aware agents that actually understand how your systems work. Read more.

OpenAI Is Retiring Several ChatGPT Models
GPT-4o, GPT-4.1, and a handful of other ChatGPT models are being sunset in February, despite some users preferring their style. Another reminder that popular AI models can disappear faster than expected. Read more.

Google’s Project Genie Turns Prompts into Playable 3D Worlds
Google’s experimental Project Genie lets users explore AI-generated 3D environments created from text or images. It’s an early glimpse at world-model AI that could reshape prototyping and game development. Read more.

Gemini CLI Gets Hooks for Agentic Workflows
Google added hooks to Gemini CLI, letting developers run scripts inside the agent loop for tasks like security scans, logging, or context injection. It brings Gemini closer to Claude Code’s hook-based approach for customizable AI development. Read more.

🗓️ Upcoming Events

Mark your calendars!

• ContainerDays London (11-12 February 2026, London, UK): A practitioner-focused conference dedicated to cloud native technologies, containers, Kubernetes, and modern infrastructure. Register here.

• HashiTalks 2026 (19-20 February 2026): A community-driven event centered on HashiCorp tools and infrastructure automation. Register here.

• Kubernetes Community Day – New Delhi (21 February, 2026):
  Dive into talks, discussions, and networking opportunities to foster community engagement and knowledge sharing. Register here.

• Site Reliability, DevOps and Cloud (26 February 2026): A conference focused on practical approaches to site reliability engineering, DevOps culture, and cloud operations. Register here.

• Cloud & AI Infrastructure London (4 - 5 March 2026 Excel London): Cloud & AI Infrastructure London is a large-scale event exploring the technologies that power modern cloud platforms and artificial intelligence workloads. Register here.

• Site Reliability, DevOps and Cloud (12 March 2026): A conference focused on practical approaches to site reliability engineering, DevOps culture, and cloud operations. Register here.

• KubeCon + CloudNativeCon Europe 2026 (23-26 March): KubeCon is back in Amsterdam from 23–26 March, bringing platform teams and cloud-native practitioners together for hands-on sessions, case studies, and ecosystem updates. Register here.

• SRECon26 America (24-26 March, Seattle, USA): A premier conference for professionals designing and operating large-scale, reliable systems. Register here.

Opportunities:

• DevOps Engineer at Social Discovery Group - Worldwide (Remote)

• SecOps Engineer II at Torc Robotics - Remote

• DevOps Engineer at Reality Defender - USA (Remote)

• Solutions Engineer - IAM/IGA at CyberARK - Remote

• Cloud Security Engineer at Netrix Global - Remote

•  Senior Staff Site Reliability Engineer (COR) at Outreach - Prague, Czechia (Hybrid)

• DevOps Engineer at Valarian Technologies - London (Hybrid)

• Staff Site Reliability Engineer at Zscaler - Netherlands (Remote)

• Senior DevOps Engineer at Software Mind - Argentina (Remote)

•  Platform Engineer at Qodea - Romania (Remote)

• Senior Site Reliability Engineer - Nigeria (Remote)

• Configuration/DevOps Engineer at Veeam - Poland (Remote)

• DevOps Engineer at Totara - Wellington, NZ (Remote)