AI Vibe Coding Platform Hacked - Logic Flaw Exposes Private App Access

A severe authentication bypass vulnerability in Base44, a popular AI-powered vibe coding platform recently acquired by Wix, could have allowed attackers unauthorized access to private enterprise applications and sensitive corporate data.

Attackers could leverage two undocumented API endpoints, /api/apps/{app_id}/auth/register and /api/apps/{app_id}/auth/verify-otp, to create verified accounts on private applications, bypassing all authentication controls, including Single Sign-On (SSO) protections. The flaw was one of logic rather than of cryptography or credentials: the registration and OTP-verification steps were processed for an application without enforcing whether that application permitted self-registration at all, so an outsider could end up with a verified account on an app whose owner expected every sign-in to go through SSO.

The impact extended beyond individual applications because of the vibe coding platform's shared infrastructure model, in which every customer application inherits the vendor's security posture: a single flaw in the platform's authentication layer exposed all private applications hosted on it. During the research period, multiple enterprise applications were confirmed vulnerable, including internal chatbots, knowledge bases, and HR operations systems containing personally identifiable information (PII).

The company confirmed that it found no evidence of malicious exploitation during the vulnerable period and has since verified that proper validation now rejects unauthorized registration attempts on private applications.
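To make the logic flaw concrete, here is an added Python model of a register/verify-otp flow with the missing check and with the fix. This is illustrative code, not Base44's implementation: the app ids, the `private` and `sso_required` flags, the in-memory store and the OTP handling are all hypothetical. The point it demonstrates is that a private or SSO-enforced application must refuse self-registration at the register step and again at the verify-otp step, rather than relying on the front end to hide the option.

```python
import hmac
import secrets
from dataclasses import dataclass, field


class AuthError(Exception):
    """Carries the HTTP status the endpoint would return."""
    def __init__(self, status: int, message: str):
        super().__init__(message)
        self.status = status


@dataclass
class App:
    app_id: str
    private: bool        # hypothetical flag: users are provisioned by the owner, never self-registered
    sso_required: bool   # hypothetical flag: every sign-in must go through the customer's IdP


@dataclass
class Store:
    apps: dict
    users: dict = field(default_factory=dict)  # (app_id, email) -> {"verified": bool}
    otps: dict = field(default_factory=dict)   # (app_id, email) -> one-time code


def _issue_otp(store: Store, app_id: str, email: str) -> str:
    code = f"{secrets.randbelow(10**6):06d}"   # in reality sent by e-mail, never returned
    store.otps[(app_id, email)] = code
    store.users[(app_id, email)] = {"verified": False}
    return code


def _check_otp(store: Store, app_id: str, email: str, code: str) -> None:
    expected = store.otps.pop((app_id, email), None)  # single use
    if expected is None or not hmac.compare_digest(expected, code):
        raise AuthError(401, "invalid or expired code")
    store.users[(app_id, email)]["verified"] = True


# Flawed handlers: they only check that the app exists, never whether it is private.
def register_flawed(store: Store, app_id: str, email: str) -> str:
    if app_id not in store.apps:
        raise AuthError(404, "unknown app")
    return _issue_otp(store, app_id, email)


def verify_otp_flawed(store: Store, app_id: str, email: str, code: str) -> None:
    if app_id not in store.apps:
        raise AuthError(404, "unknown app")
    _check_otp(store, app_id, email, code)


# Hardened handlers: the same policy gate on both steps of the flow.
def _self_registration_allowed(app: App) -> bool:
    return not app.private and not app.sso_required


def _load_registrable_app(store: Store, app_id: str) -> App:
    app = store.apps.get(app_id)
    if app is None:
        raise AuthError(404, "unknown app")
    if not _self_registration_allowed(app):
        raise AuthError(403, "self-registration is disabled for this app")  # deny before creating state
    return app


def register_hardened(store: Store, app_id: str, email: str) -> str:
    _load_registrable_app(store, app_id)
    return _issue_otp(store, app_id, email)


def verify_otp_hardened(store: Store, app_id: str, email: str, code: str) -> None:
    # Re-evaluated here so an OTP issued before an app was switched to
    # private (or to SSO-only) cannot be redeemed afterwards.
    _load_registrable_app(store, app_id)
    _check_otp(store, app_id, email, code)


def run_flow(store: Store, register, verify, app_id: str, email: str):
    """Drive register -> verify-otp; return 'verified' or the status that stopped it."""
    try:
        code = register(store, app_id, email)
        verify(store, app_id, email, code)
    except AuthError as exc:
        return exc.status
    return "verified" if store.users[(app_id, email)]["verified"] else "pending"


def make_store() -> Store:
    # Constructed fixture: one public app and one private, SSO-only HR app.
    return Store(apps={
        "public-demo": App("public-demo", private=False, sso_required=False),
        "hr-ops": App("hr-ops", private=True, sso_required=True),
    })


if __name__ == "__main__":
    outsider = "outsider@example.com"
    print("flawed, private app:  ", run_flow(make_store(), register_flawed, verify_otp_flawed, "hr-ops", outsider))
    print("hardened, private app:", run_flow(make_store(), register_hardened, verify_otp_hardened, "hr-ops", outsider))
    print("hardened, public app: ", run_flow(make_store(), register_hardened, verify_otp_hardened, "public-demo", outsider))
```

With the flawed handlers the outsider ends up with a verified account on the private HR app; with the hardened ones the register call is refused with 403 before any user or OTP state is created, and the verify step repeats the check so a code obtained while an app was public is useless once the app is locked down. The same gate is what a tenant-side check should exercise: a registration attempt against an app that is configured as private or SSO-only must come back 403, not an OTP prompt.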

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 31 Jul 2025 02:45:21 +0000


Cyber News related to AI Vibe Coding Platform Hacked - Logic Flaw Exposes Private App Access

Vibe Coding Is the New Open Source - The article "Vibe Coding Is the New Open Source" explores a fresh paradigm in collaborative software development that transcends traditional open-source models. Vibe coding emphasizes real-time, synchronous collaboration where developers share not ...
2 months ago Wired.com
Security Concerns Shadow Vibe Coding Adoption - The adoption of Vibe coding, a new programming approach, is raising significant security concerns within the application security community. As organizations increasingly integrate Vibe coding into their development processes, experts warn about ...
2 months ago Darkreading.com
AI Coding Tools: How to Address Security Issues - In 2022, a surge of AI-based coding assistants revolutionized the software development landscape. Even though organizations everywhere are using AI-based coding, there remains a tug-of-war within organizations between the benefits and security fears ...
2 years ago Securityboulevard.com
Google takes on Cursor with Firebase Studio, its AI builder for vibe coding - Google has quietly launched Firebase Studio, which is a cloud-based AI-powered integrated development environment that lets you build full-fledged apps using prompts. According to documents seen by BleepingComputer, Firebase Studio supports many ...
8 months ago Bleepingcomputer.com
A Framework for Maintaining Code Security With AI Coding Assistants - Today, there are countless AI coding assistants available that promise to lighten developers' loads. It's an issue that software development firms and solo coders are only beginning to come to grips with. Either use AI coding assistants and accept ...
1 year ago Feeds.dzone.com
New Slopsquatting Attack Leverages Coding Agents' Workflows to Deliver Malware - Researchers have identified a sophisticated new supply-chain threat targeting AI-powered development workflows, where malicious actors exploit coding agents' tendency to "hallucinate" non-existent package names to distribute ...
5 months ago Cybersecuritynews.com
Google says everyone will be able to vibe code video games - Google has announced a groundbreaking development that will enable everyone to code video games using Vibe, a new tool designed to simplify game development. This initiative aims to democratize game creation by providing an accessible platform that ...
1 month ago Bleepingcomputer.com
Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to admin passwords, mail server credentials, and license keys, exposing enterprises to data breaches or other types of malicious ...
2 years ago Darkreading.com CVE-2023-49103 CVE-2023-49105 CVE-2023-49104
Revolutionize Sustainability with AI, Observability, and Cisco Tech - As the Vice President of an organization deeply committed to technological advancements and environmental sustainability, I am thrilled to announce an exciting coding challenge. Our Build for Better coding challenge invites you to be at the forefront ...
1 year ago Feedpress.me
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
1 year ago Bleepingcomputer.com
Latest Information Security and Hacking Incidents - Private cloud providers may be among the primary winners of today's generative AI gold rush, as CIOs are reconsidering private clouds, whether on-premises or hosted by a partner, after previously dismissing them in favour of public clouds. At the ...
1 year ago Cysecurity.news
CVE-2025-29154 - HTML injection vulnerability in lemeconsultoria HCM galera.app v.4.58.0 allows an attacker to execute arbitrary code via the .galera.app/ted/solicitacao_treinamento/, .galera.app/rh/metas/perspectiva_estrategica/edicao/, ...
7 months ago
Fake app impersonating LastPass spotted in Apple's App Store The Register - LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. A screenshot of the fake LastPass app in the Apple App ...
1 year ago Go.theregister.com
SEC confirms X account was hacked in SIM swapping attack - The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. Earlier this month, the SEC's X account was hacked to issue a fake ...
1 year ago Bleepingcomputer.com
Fake LastPass password manager spotted on Apple's App Store - LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. The fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface ...
1 year ago Bleepingcomputer.com
Microsoft open-sources VS Code Copilot Chat extension on GitHub - GitHub Copilot Chat is an AI assistant extension for VS Code, allowing developers to chat with a GPT4-based model inside the editor to get help with coding tasks. With the Copilot Chat extension now publicly available on GitHub, developers are ...
5 months ago Bleepingcomputer.com
10 Best ZTNA Solutions (Zero Trust Network Access) in 2025 - Google BeyondCorp Enterprise delivers Zero Trust security through a cloud-native platform, enabling secure access to applications without VPNs. Check Point ZTNA is a leading Zero Trust solution designed for organizations seeking comprehensive, ...
5 months ago Cybersecuritynews.com
Secure Financial Apps: Proactive Measures - People are using multiple apps to transfer, invest, and save money as per their requirements. These are some of the scenarios within a financial app where cybersecurity can play a key role in averting fraudulent transactions. Of late, a lot of ...
2 years ago Feeds.dzone.com
CVE-2022-36407 - Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual ...
1 year ago
Slow Pisces Hackers Attacking Developers With Coding Challenges & Python Malware - Security experts recommend developers implement strict code execution policies, employ isolated development environments, and exercise caution when running code from external sources, even when it appears to come from legitimate coding platforms or ...
8 months ago Cybersecuritynews.com
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
The Real Deal About ZTNA and Zero Trust Access - For the last several years, zero trust network access has become the common term to describe this type of approach for securing remote users as they access private applications. Zero trust network access is based on the logical security philosophy of ...
1 year ago Feedpress.me
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Multi-Cloud vs. Hybrid Cloud: The Main Difference - The proliferation of cloud technologies is particularly confusing to businesses new to cloud adoption, and they're sometimes baffled by the distinction between multi-cloud and hybrid cloud. Although the public cloud infrastructure and public cloud ...
2 years ago Techtarget.com