Latest Intelligence
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
Cybersecurity researchers have identified a critical security flaw in the Base44 vibe coding platform that could have enabled unauthorized access to private applications built by its users. The vulnerability was easy to exploit: an attacker needed only a non-secret app_id value to reach undocumented endpoints. Read Original »
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The Python Package Index (PyPI) has alerted users about a phishing campaign that involves fake verification emails sent from a lookalike domain. These emails aim to mislead users into visiting fraudulent PyPI sites. Read Original »
The Hidden Threat of Rogue Access
The article emphasizes the importance of implementing Identity Governance and Administration (IGA) tools along with effective governance policies to identify and mitigate rogue access in enterprises. By setting appropriate risk thresholds, organizations can proactively detect and respond to potential security threats before they are exploited by attackers. Read Original »
Critical Flaw in Vibe-Coding Platform Base44 Exposed Apps
A critical authentication flaw on the Base44 vibe-coding platform allowed unauthorized users to access private applications. This vulnerability has since been patched, but it raised significant security concerns for users of the platform. Read Original »
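Both Base44 items above describe the same class of mistake: an endpoint that treats knowledge of a public identifier (the app_id, which is embedded in URLs and client code) as proof that the caller may use a private app. The following is an added example in Python, not Base44's code or any code from the reports; every name in it (App, SESSIONS, require_member, the route paths) is hypothetical and the data is constructed. It shows the vulnerable pattern beside a handler that derives identity from the session and checks membership, plus a route-table audit that flags any endpoint, documented or not, that was registered without the gate.

```python
"""
Added example (hypothetical platform, not Base44's code): authorization keyed on a
non-secret identifier versus authorization keyed on the authenticated caller.
"""
import functools
import secrets
from dataclasses import dataclass, field


@dataclass
class App:
    app_id: str                      # public: appears in URLs and client JS, not a secret
    owner: str
    members: set = field(default_factory=set)
    private_data: dict = field(default_factory=dict)


# Constructed sample data for the example.
APPS = {
    "app_1001": App("app_1001", "alice", {"alice"}, {"secret": "alice-db-password"}),
    "app_1002": App("app_1002", "bob", {"bob", "carol"}, {"secret": "bob-api-key"}),
}
SESSIONS: dict = {}                  # session token -> username


def login(username: str) -> str:
    """Issue an unguessable session token: the only secret in this model."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


# ---- vulnerable pattern: the route trusts the caller because it knows app_id ----
def get_private_data_insecure(app_id: str) -> dict:
    app = APPS.get(app_id)
    if app is None:
        raise KeyError("no such app")
    return app.private_data          # anyone who knows or guesses app_id gets the data


# ---- hardened pattern: identity from the session, then a membership check ----
class AuthError(Exception):
    pass


def require_member(handler):
    """Decorator: resolve the caller from the token and confirm app membership."""
    @functools.wraps(handler)
    def wrapper(token: str, app_id: str, *args, **kwargs):
        user = SESSIONS.get(token)
        if user is None:
            raise AuthError("not authenticated")
        app = APPS.get(app_id)
        # Same error for "missing" and "not yours", so app_id cannot be enumerated.
        if app is None or user not in app.members:
            raise AuthError("not found")
        return handler(user, app, *args, **kwargs)
    wrapper.requires_auth = True     # marker the route audit below looks for
    return wrapper


@require_member
def get_private_data_secure(user: str, app: App) -> dict:
    return app.private_data


@require_member
def export_app(user: str, app: App) -> dict:     # an "undocumented" route, same gate
    return {"app_id": app.app_id, "owner": app.owner, "data": app.private_data}


def can_read(token: str, app_id: str) -> bool:
    """True if the secure route returns data for this token, False if it refuses."""
    try:
        get_private_data_secure(token, app_id)
        return True
    except AuthError:
        return False


# Route table as a framework would hold it; the forgotten endpoint has no gate.
ROUTES = {
    "/api/apps/<app_id>/data": get_private_data_secure,
    "/api/apps/<app_id>/export": export_app,
    "/internal/apps/<app_id>/legacy": get_private_data_insecure,
}


def unguarded_routes(routes: dict) -> list:
    """Return the paths whose handler was not wrapped by require_member."""
    return sorted(p for p, h in routes.items() if not getattr(h, "requires_auth", False))


if __name__ == "__main__":
    mallory = login("mallory")
    print(get_private_data_insecure("app_1001"))        # leaks alice's data to anyone
    print("mallory via secure route:", can_read(mallory, "app_1001"))
    print("unguarded:", unguarded_routes(ROUTES))
```

The audit function is the check worth carrying into a real code base: enumerate the framework's route table at startup or in CI and fail if any handler lacks the authorization marker, so an undocumented or legacy endpoint cannot silently bypass the gate.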
Seal Security Raises $13 Million to Secure Software Supply Chain
Seal Security, an open source security firm, has secured $13 million in funding to bolster its market presence and expedite the expansion of its platform. This investment aims to enhance efforts in securing the software supply chain. Read Original »
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims
A new ransomware-as-a-service group called Chaos has emerged, likely composed of former members of the BlackSuit crew following a law enforcement takedown. This group is engaging in big-game hunting and double extortion attacks, demanding $300K from victims in the U.S. Read Original »
Promptfoo Raises $18.4 Million for AI Security Platform
Promptfoo has successfully raised $18.4 million in Series A funding to enhance security measures for large language models (LLMs) and generative AI applications. This funding aims to assist organizations in safeguarding their AI technologies against potential vulnerabilities. Read Original »
Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm
Researchers have identified software supply chain compromises, including backdoors and malicious code inserted into popular development tools and packages, which pose a significant risk to everything built on top of them. These findings highlight the ongoing threats within the software development ecosystem. Read Original »
CISA Releases Part One of Zero Trust Microsegmentation Guidance
CISA has released guidance on microsegmentation as part of its efforts to assist Federal Civilian Executive Branch agencies in implementing zero trust architectures. This guidance highlights the importance of microsegmentation in reducing attack surfaces and enhancing network security while providing a foundation for future technical implementation resources. Read Original »
CISA Releases Five Industrial Control Systems Advisories
CISA has released five advisories addressing security vulnerabilities in various Industrial Control Systems (ICS), providing critical updates and mitigation strategies. These advisories aim to inform users and administrators about the current security landscape affecting ICS products. Read Original »
National Instruments LabVIEW
National Instruments LabVIEW versions 2025 Q1 and prior contain memory-safety vulnerabilities (improper restriction of operations within the bounds of a memory buffer). Successful exploitation could lead to out-of-bounds memory reads or arbitrary code execution. Read Original »
Delta Electronics DTN Soft
Delta Electronics' DTN Soft has a vulnerability related to deserialization of untrusted data, allowing attackers to execute arbitrary code using specially crafted project files. The vulnerability affects versions 2.1.0 and prior, and a CVE identifier has been assigned. Read Original »
Samsung HVAC DMS
The article details multiple vulnerabilities in Samsung's HVAC DMS software, which could allow unauthenticated remote code execution and unauthorized file access. These vulnerabilities include execution after redirect, deserialization of untrusted data, and various path traversal issues, posing significant risks to users. Read Original »
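The Delta Electronics and Samsung advisories above share two weakness classes: deserialization of untrusted data (a crafted project or input file decides what code runs when it is opened) and path traversal (a file reference escapes the directory it should stay in). The following is an added example in Python, not the vendors' code and not derived from the advisories; the project-file format (name, version, assets) and all sample documents are constructed. It shows why a native object serializer is the wrong loader for untrusted files, next to a loader that accepts only a data format, enforces an exact schema, and confines every asset path after normalisation.

```python
"""
Added example (hypothetical project format, not Delta's or Samsung's code):
a loader for untrusted project files without native deserialization, with
confined file references.
"""
import json
import pickle
import platform
import tempfile
from pathlib import Path


# ---- unsafe pattern: pickle (or any native object serializer) runs callables on load ----
class Tripwire:
    """Anything with __reduce__ tells the unpickler to call a function of its choosing."""
    def __reduce__(self):
        return (platform.python_version, ())   # harmless stand-in for attacker-chosen code


def load_project_unsafe(blob: bytes):
    return pickle.loads(blob)       # the file, not the program, decides what executes


def demo_unsafe() -> str:
    # Loading this "document" calls platform.python_version() and returns its result:
    # proof that merely parsing the file ran code chosen by whoever wrote the file.
    return load_project_unsafe(pickle.dumps(Tripwire()))


# ---- hardened pattern: data-only format, explicit schema, confined paths ----
SCHEMA = {"name": str, "version": int, "assets": list}


def resolve_asset(base_dir: Path, relative: str) -> Path:
    """Map an asset reference to a path that is guaranteed to sit under base_dir."""
    if (not isinstance(relative, str) or not relative
            or relative.startswith(("/", "\\")) or ":" in relative):
        raise ValueError(f"asset path must be relative: {relative!r}")
    base = base_dir.resolve()
    candidate = (base / relative).resolve()    # collapses '..' and follows symlinks
    if base not in candidate.parents:          # containment check after normalisation
        raise ValueError(f"asset escapes project directory: {relative!r}")
    return candidate


def load_project_safe(blob: bytes, base_dir: Path) -> dict:
    """Parse JSON, enforce the schema exactly, and normalise every asset path."""
    try:
        doc = json.loads(blob.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise ValueError(f"not a valid project file: {exc}") from None
    if not isinstance(doc, dict) or set(doc) != set(SCHEMA):
        raise ValueError("unexpected or missing top-level keys")
    for key, typ in SCHEMA.items():
        value = doc[key]
        if not isinstance(value, typ) or isinstance(value, bool):   # bool is an int subclass
            raise ValueError(f"field {key!r} must be {typ.__name__}")
    doc["assets"] = [str(resolve_asset(base_dir, a)) for a in doc["assets"]]
    return doc


def load_ok(blob: bytes, base_dir: Path) -> bool:
    """Convenience wrapper: True if the document is accepted, False if rejected."""
    try:
        load_project_safe(blob, base_dir)
        return True
    except ValueError:
        return False


# Constructed sample documents for the example.
BASE = Path(tempfile.gettempdir()) / "example_project"
GOOD = b'{"name": "site-1", "version": 3, "assets": ["img/logo.png", "cfg/zones.json"]}'
TRAVERSAL = b'{"name": "x", "version": 1, "assets": ["../../etc/passwd"]}'
EXTRA_KEY = b'{"name": "x", "version": 1, "assets": [], "__class__": "anything"}'

if __name__ == "__main__":
    print("unsafe loader executed a function and returned:", demo_unsafe())
    print(load_project_safe(GOOD, BASE))
    print("traversal accepted?", load_ok(TRAVERSAL, BASE))
    print("extra key accepted?", load_ok(EXTRA_KEY, BASE))
```

The containment check resolves the path first and compares afterwards; a prefix check on the raw string would accept `..` sequences and symlinks that point outside the project directory.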
CISA Releases Part One of Zero Trust Microsegmentation Guidance
CISA has released guidance on microsegmentation as part of its Zero Trust architecture implementation for Federal Civilian Executive Branch agencies. This guidance outlines the importance of microsegmentation in enhancing network security by reducing attack surfaces and limiting lateral movement within networks. Read Original »
CISA and Partners Release Updated Advisory on Scattered Spider Group
CISA and its partners have released an updated advisory on the Scattered Spider cybercriminal group, which targets commercial facilities using various tactics, including ransomware and social engineering techniques. The advisory outlines the group's tactics, techniques, and procedures (TTPs) and provides recommendations for organizations to enhance their cybersecurity defenses. Read Original »