A threat actor was able to exploit an inappropriately scoped GitHub token in the managed AWS CodeBuild development tool, and with that, commit malicious code into the extension's open source code ...