Cybersecurity News: Telecom Orange hacked, $2.4M Bitcoin seized from Chaos, Scattered Spider’s tactics evolve

Critical Authentication Flaw Identified in Base44 Vibe Coding Platform

Wiz Research found a critical authentication flaw in Base44’s “vibe coding” platform, recently acquired by Wix, letting attackers bypass SSO and access private apps using only a public app ID. The issue came from exposed API endpoints that didn’t need authentication, affecting apps with sensitive enterprise data. Wix patched the flaw within 24 hours and says there’s no sign of exploitation, but Wiz notes broader risks in low-code AI development platforms, where basic security controls can fail across shared infrastructure.

(Infosecurity Magazine)

French telecom giant Orange discloses cyberattack

French telecom giant Orange disclosed a cyberattack on one of its information systems, detected and isolated on July 25th by Orange Cyberdefense. The incident caused temporary service disruptions for some French customers, though no data theft has been confirmed. No attacker has been identified either, but the breach has similarities to recent global telecom intrusions linked to China’s Salt Typhoon cyber-espionage group.

(Bleeping Computer)

FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation

The FBI seized over $2.4M in Bitcoin from a member of the new Chaos ransomware operation, now traced to attacks on Texas-based companies. The funds were tied to an affiliate known as “Hors” and confiscated on April 15th. The DOJ filed a civil forfeiture complaint on July 24th to claim permanent ownership. As we covered in Tuesday’s show, this Chaos group is believed to be a rebrand of BlackSuit ransomware, itself an offshoot of the defunct Conti gang. The seizure follows law enforcement pressure and recent takedowns of ransomware infrastructure linked to BlackSuit.

(Bleeping Computer)

Poland says more than 30 suspects face trial over pro-Russian sabotage

Poland arrested 32 individuals from multiple nationalities, including Polish, Russian, Ukrainian, Belarusian, and Colombian, for allegedly conducting sabotage and arson attacks on behalf of Russian intelligence since the start of the war in Ukraine. One Colombian suspect has already been convicted in the Czech Republic for a series of arson attacks tied to a broader Russian hybrid warfare campaign using Telegram to recruit operatives. Poland’s Prime Minister Donald Tusk warned that any efforts to destabilize the country would be met with ruthless action.

(The Record)

Huge thanks to our episode sponsor, Dropzone AI

What if your SOC could investigate every single alert without burning out your team? That’s exactly what Dropzone AI does. They’re the leader in autonomous security investigations, and companies like Zapier and Fortune 500s are already on board. Their AI works alongside your analysts, handling the routine so humans can be strategic. See them at BlackHat in Startup City, booth 6427. Or experience it yourself—dropzone.ai has a self-guided demo ready for you.

FBI, CISA warn about Scattered Spider’s evolving tactics

The FBI and CISA issued an updated advisory warning that Scattered Spider remains a serious threat, using sophisticated social engineering and intrusion tactics, including phishing, MFA fatigue and SIM-swapping, and deploying ransomware such as DragonForce to breach systems, including encrypting VMware ESXi servers. Despite recent arrests tied to the gang, U.S., U.K., Canadian, and Australian authorities emphasized that Scattered Spider’s evolving techniques continue to pose a big risk to national security and critical infrastructure.

(Cybersecurity Dive) (CISA.gov)

Nimble ‘Gunra’ Ransomware Evolves With Linux Variant

The Gunra ransomware group released a sophisticated Linux variant capable of encrypting files using up to 100 concurrent threads, a pretty big evolution from its original Windows-targeting malware. Trend Micro researchers say the variant supports partial encryption and configurable settings, giving attackers greater control and speed. After gaining notoriety for high-profile breaches, the group is now apparently targeting diverse industries across multiple countries.

(Dark Reading)

Auto-Color Backdoor Malware Exploits SAP Vulnerability

In other Linux news, a Linux-targeting malware called Auto-Color is exploiting a critical SAP NetWeaver vulnerability to infiltrate systems, with the first known attack hitting a U.S. chemical company back in April. The malware acts as a remote access trojan and uses advanced persistence techniques to evade detection, establish control via TLS, and stay dormant when disconnected from its command server.

(Infosecurity Magazine)

Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm

Researchers at Armis Labs uncovered major software supply chain attacks in GitHub Actions, the UAParser.js npm package, and the Gravity Forms WordPress plugin, all involving backdoors or poisoned code that jeopardized thousands of systems. These incidents remind us how trusted developer tools can be compromised, and how AI-driven coding practices are being exploited. Experts warn that attackers can now backdoor vast numbers of software projects in days, making early detection and code integrity checks more critical than ever.

(Dark Reading)