Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Critical Vulnerability in Base44: Bypassing Authentication with Ease

2025-07-31
Critical Vulnerability in Base44: Bypassing Authentication with Ease

Wiz Research uncovered a critical vulnerability in Base44 (recently acquired by Wix), a popular vibe coding platform. Attackers could bypass authentication and access private applications and sensitive data using only a publicly available app_id. The vulnerability was remarkably easy to exploit and impacted enterprise applications including internal chatbots and automations. Wix quickly patched the vulnerability within 24 hours and confirmed no evidence of past abuse. This highlights the crucial need for strong security controls, such as authentication and secure API design, in AI-powered development platforms.

Read more
(www.wiz.io)
Tech Base44 Vulnerability

GitHub Actions Security: Best Practices After Two Major Incidents

2025-05-08
GitHub Actions Security: Best Practices After Two Major Incidents

Recent attacks on GitHub Actions, including a supply chain attack and a compromise of the tj-actions, highlight significant security risks. This guide offers practical advice to secure your GitHub Actions workflows. It covers essential terminology, best practices for configuring organization-level settings and repository-level branch protection, secrets management, and safe workflow writing. Key vulnerabilities like Poisoned Pipeline Execution (PPE) are discussed, along with recommendations for minimizing third-party action usage, controlling permissions, and using tools for static analysis and policy enforcement.

Read more
(www.wiz.io)
Development

IngressNightmare: Critical Vulnerabilities Impacting Thousands of Kubernetes Clusters

2025-03-25
IngressNightmare: Critical Vulnerabilities Impacting Thousands of Kubernetes Clusters

Wiz Research discovered a series of unauthenticated Remote Code Execution vulnerabilities (dubbed #IngressNightmare) in Ingress NGINX Controller for Kubernetes. Exploitation grants unauthorized access to all secrets across all namespaces, potentially leading to cluster takeover. Approximately 43% of cloud environments are vulnerable, with over 6,500 affected clusters, including Fortune 500 companies, publicly exposing vulnerable components. Immediate patching is crucial. Mitigations include updating to the latest Ingress NGINX Controller version or disabling the admission controller component.

Read more
(www.wiz.io)
Development

DeepSeek's Exposed Database Leaks Sensitive Chat Logs and API Keys

2025-01-29
DeepSeek's Exposed Database Leaks Sensitive Chat Logs and API Keys

Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, a Chinese AI startup, exposing over a million log entries containing sensitive information. The exposed database, accessible without authentication, allowed full control and contained chat history, API keys, backend details, and other critical data. Wiz responsibly disclosed the vulnerability to DeepSeek, which quickly remediated the issue. This incident highlights the critical security risks associated with the rapid adoption of AI technologies and the need for robust security practices even for burgeoning startups.

Read more
(www.wiz.io)
Tech database security