Wiz Uncovers Critical SSO Bypass Flaw in AI-Powered Base44 Platform Patched by Wix; Related Crypto Theft and Ransomware Threats Emerge

Security researchers from Wiz have uncovered a critical access bypass vulnerability in the AI-powered vibe coding platform Base44, which allowed anyone with a public app_id to bypass single sign-on (SSO) and access private applications without authentication. The flaw was quickly patched by Wix, the platform's operator, but it highlights substantial risks in AI development environments. In related cybersecurity developments, an AI-generated npm package named "kodane/patch-manager" was found to steal cryptocurrency from developers, accumulating over 1,500 downloads before removal. Additionally, GreyNoise reported notable spikes in attacker activity targeting edge devices weeks before new CVE disclosures in 80% of cases analyzed. Other emerging threats include the Akira ransomware exploiting SonicWall VPNs via likely zero-day attacks on fully patched devices, the discovery of a new 'Plague' PAM backdoor compromising critical Linux systems by silently stealing credentials, and the CL-STA-0969 malware conducting a covert espionage campaign in telecom networks over ten months.