Programmer’s Digest #145
07/24/2025-07/31/2025 Phishing Attack Targeting Developers With Fake PyPI Site, Toptal GitHub Breach Exposes 73 Repositories and Injects Malware into 10 npm Packages And More.
1. Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44
Researchers have disclosed a now-patched critical flaw in Base44, a popular AI-powered “vibe coding” platform owned by Wix, that allowed unauthorized access to private applications. The issue, tracked as CVE-2025-31324, stemmed from exposed registration and OTP verification endpoints that required only a visible “app_id” to bypass authentication, including SSO protections. Wiz discovered the vulnerability and reported it on July 9, 2025. Wix issued a fix within 24 hours, and there’s no evidence of active exploitation. The flaw allowed attackers to register and verify accounts for private apps, gaining full access without permission. As AI tools like Base44 rise in popularity, ensuring built-in security is critical. Experts also warn that generative AI systems remain vulnerable to prompt injection, jailbreaks, and misconfigurations, underlining the need for proactive security frameworks like toxic flow analysis.
2. PyPI Warns of New Phishing Attack Targeting Developers With Fake PyPI Site
PyPI has issued an urgent warning about an ongoing phishing campaign targeting developers through domain spoofing to steal credentials. The emails come from an address on a typosquatted look-alike of the pypi.org domain and carry the subject “[PyPI] Email verification.” They direct users to a fake website that mimics PyPI’s login page.
The phishing site uses pass-through authentication to capture credentials while forwarding them to PyPI, tricking users into believing they’ve logged in safely. The campaign targets developers with public emails linked to published PyPI packages. PyPI confirms that its systems remain secure and that this is an external phishing attempt, not a breach. A warning banner has been added to the official site, and PyPI is working with domain registrars and CDNs to shut down the malicious infrastructure.
Developers are urged to verify URLs before logging in, delete suspicious emails, and change passwords immediately if compromised. Monitoring account activity is also strongly advised.
3. U.S. CISA Adds Cisco ISE and PaperCut NG/MF Flaws to its Known Exploited Vulnerabilities Catalog
CISA has added critical flaws in Cisco Identity Services Engine (ISE) and PaperCut NG/MF to its Known Exploited Vulnerabilities (KEV) catalog. The Cisco flaws—CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337—allow unauthenticated, remote attackers to execute code as root via vulnerable APIs. Cisco confirmed attempted exploitation in July 2025 and urges users to upgrade immediately. CVE-2025-20281 and CVE-2025-20282 (CVSS 10) affect ISE/ISE-PIC 3.3+ and 3.4, respectively, while CVE-2025-20337 is a newly patched, similar flaw.
Also added is CVE-2023-2533, a CSRF vulnerability in PaperCut NG/MF (CVSS 8.4), which allows attackers to hijack admin sessions and change security settings through crafted malicious links. While Cisco hasn’t revealed details on the threat actors, federal agencies must address these vulnerabilities under Binding Operational Directive 22-01. Private organizations are also urged to review the KEV catalog and patch affected systems promptly.
4. Toptal GitHub Breach Exposes 73 Repositories and Injects Malware into 10 npm Packages
In a recent software supply chain attack, unknown threat actors compromised Toptal’s GitHub organization and uploaded 10 malicious packages to the npm registry. The packages, which were downloaded around 5,000 times, contained code to steal GitHub tokens and delete files on both Windows and Linux systems. The malicious code ran from the packages’ preinstall and postinstall scripts, sending stolen data to a webhook site before wiping the victim’s system. The breach also exposed 73 private Toptal repositories. It’s unclear how the compromise occurred; potential causes include stolen credentials or insider threats. All affected packages have been reverted to safe versions.
Separately, another campaign targeted both npm and PyPI with spyware capable of keylogging, screenshot and webcam capture, and data theft. Data was sent via Slack webhooks, Gmail SMTP, and AWS Lambda.
Additionally, the Amazon Q extension for VS Code was found to contain malicious commands to wipe users’ systems and delete AWS resources. Amazon has removed the rogue version and released a fixed update.