News

SecurityWeek5d
Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications
Base44 owner Wix quickly patched a critical authentication bypass vulnerability discovered by researchers at Wiz.
The Hacker News6d
Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
The shortcoming unearthed by Wiz in Base44 concerns a misconfiguration that left two authentication-related endpoints exposed without any restrictions, thereby permitting anyone to register for ...
Vulnerability Uncovered In Wix Vibe Coding Platform
A critical vulnerability was discovered in Wix's vibe coding platform that exposed apps to the risk of compromise.
Antivirus vendors fail to spot persistent, nasty, stealthy Linux backdoor
Researchers at German infosec services company Nextron Threat have spotted malware that creates a highly-persistent Linux ...
Google Developing Wear OS Feature to Bypass Android Phone PINs
Google is developing a feature that could allow Wear OS smartwatches to unlock Android phones without requiring a PIN or ...
SonicWall investigates 'cyber incidents,' including ransomware targeting suspected 0-day
SonicWall on Monday confirmed that it's investigating a rash of ransomware activity targeting its firewall devices, following ...
How attackers are still phishing "phishing-resistant" authentication
Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth ...
Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in ...
Landline identity theft leads to major bank fraud
Scammers use number porting to take control of outdated landlines still connected to financial accounts, bypassing two-factor ...
HPE warns hardcoded passwords in Aruba hardware could pose a major security risk
HPE has patched a critical-severity vulnerability in its Aruba Instant On Access Points which could have allowed threat ...
Hackers can bypass FIDO MFA keys, putting your accounts at risk - here's what we know
Hackers have found a way to steal login credentials even for accounts protected with Fast IDentity Online (FIDO) physical keys. It revolves around a fallback created in these multi-factor ...
iOS 18.6 Patches Zero-Day Flaw Exploited In Chrome Attacks
Apple's release notes for iOS 18.6 aren't very exciting, but it turns out that the update patches a serious Chrome zero-day ...