
how human behavior affects security


Programmer’s Digest #145

07/24/2025-07/31/2025 Phishing Attack Targeting Developers With Fake PyPI Site, Toptal GitHub Breach Exposes 73 Repositories and Injects Malware into 10 npm Packages And More.

1. Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

Researchers have disclosed a now-patched critical flaw in Base44, a popular AI-powered “vibe coding” platform owned by Wix, that allowed unauthorized access to private applications. The issue, tracked as CVE-2025-31324, stemmed from exposed registration and OTP verification endpoints that required only a visible “app_id” to bypass authentication, including SSO protections. Wiz discovered the vulnerability and reported it on July 9, 2025. Wix issued a fix within 24 hours, and there’s no evidence of active exploitation. The flaw allowed attackers to register and verify accounts for private apps, gaining full access without permission. As AI tools like Base44 rise in popularity, ensuring built-in security is critical. Experts also warn that generative AI systems remain vulnerable to prompt injection, jailbreaks, and misconfigurations, underlining the need for proactive security frameworks like toxic flow analysis.

2. PyPI Warns of New Phishing Attack Targeting Developers With Fake PyPI Site

PyPI has issued an urgent warning about an ongoing phishing campaign targeting developers through domain spoofing to steal credentials. The attack uses emails sent from an address on a typosquatted version of the pypi.org domain, with the subject “[PyPI] Email verification.” These emails direct users to a fake website that mimics PyPI’s login page.

The phishing site uses pass-through authentication to capture credentials while forwarding them to PyPI, tricking users into believing they’ve logged in safely. The campaign targets developers with public emails linked to published PyPI packages. PyPI confirms that its systems remain secure and that this is an external phishing attempt, not a breach. A warning banner has been added to the official site, and PyPI is working with domain registrars and CDNs to shut down the malicious infrastructure.

Developers are urged to verify URLs before logging in, delete suspicious emails, and change passwords immediately if compromised. Monitoring account activity is also strongly advised.

3. U.S. CISA Adds Cisco ISE and PaperCut NG/MF Flaws to its Known Exploited Vulnerabilities Catalog

CISA has added critical flaws in Cisco Identity Services Engine (ISE) and PaperCut NG/MF to its Known Exploited Vulnerabilities (KEV) catalog. The Cisco flaws—CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337—allow unauthenticated, remote attackers to execute code as root via vulnerable APIs. Cisco confirmed attempted exploitation in July 2025 and urges users to upgrade immediately. CVE-2025-20281 and CVE-2025-20282 (CVSS 10) affect ISE/ISE-PIC 3.3+ and 3.4, respectively, while CVE-2025-20337 is a newly patched, similar flaw.

Also added is CVE-2023-2533, a CSRF vulnerability in PaperCut NG/MF (CVSS 8.4), which allows attackers to hijack admin sessions and change security settings through crafted malicious links. While Cisco hasn’t revealed details on the threat actors, federal agencies must address these vulnerabilities under Binding Operational Directive 22-01. Private organizations are also urged to review the KEV catalog and patch affected systems promptly.

4. Toptal GitHub Breach Exposes 73 Repositories and Injects Malware into 10 npm Packages

In a recent software supply chain attack, unknown threat actors compromised Toptal’s GitHub organization and uploaded 10 malicious packages to the npm registry. The packages, which were downloaded around 5,000 times, contained code to steal GitHub tokens and delete files on both Windows and Linux systems. The attack targeted preinstall and postinstall scripts, sending stolen data to a webhook site before wiping the victim’s system. The breach also exposed 73 private Toptal repositories. It’s unclear how the compromise occurred—potential causes include stolen credentials or insider threats. All affected packages have been reverted to safe versions.

Separately, another campaign targeted both npm and PyPI with spyware capable of keylogging, screenshot and webcam capture, and data theft. Data was sent via Slack webhooks, Gmail SMTP, and AWS Lambda.

Additionally, the Amazon Q extension for VS Code was found to contain malicious commands to delete user systems and AWS resources. Amazon has removed the rogue version and released a fixed update.


Programmer’s Digest #144

07/16/2025-07/23/2025 SysAid Vulnerability Exploitation, Active Exploitation Of ISE and ISE-PIC Flaws, npm Linter Packages Hijacked And More.

1. CISA Warns of SysAid Vulnerability Exploitation

CISA has added two recently patched SysAid On-Prem vulnerabilities—CVE-2025-2776 and CVE-2025-2775—to its KEV catalog. Patched in March 2025 with version 24.4.60 of SysAid’s ITSM software, the flaws are pre-authentication XML external entity (XXE) issues discovered by WatchTowr in December 2024.

WatchTowr published proof-of-concept (PoC) exploit code in May 2025 and warned that the bugs could be chained with CVE-2024-36394, a separate OS command injection flaw, to enable unauthenticated remote command execution. Despite this, CVE-2024-36394 has not been added to the KEV list.

SysAid claims over 10 million users worldwide, though only 77 vulnerable internet-exposed instances were identified at disclosure. CISA notes there’s no evidence these flaws have been used in ransomware attacks. However, SysAid products have been previously targeted—most notably in 2023 by Cl0p ransomware exploiting a zero-day (CVE-2023-47246). 

2. Cisco Confirms Active Exploitation Of ISE and ISE-PIC Flaws

Cisco has confirmed active exploitation of critical vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC), observed in July 2025. The flaws—CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337—allow unauthenticated remote attackers to execute arbitrary code with root privileges.
The company warns that attackers are targeting these vulnerabilities in the wild and strongly urges customers to upgrade to fixed software versions. CVE-2025-20281 and CVE-2025-20282 (both CVSS 10) affect ISE/ISE-PIC versions 3.3+ and 3.4, respectively, enabling code execution via vulnerable or internal APIs due to poor input and file validation.

CVE-2025-20337, patched last week, is similar to CVE-2025-20281 and also allows root-level code execution. All three flaws stem from improper validation mechanisms, making it possible to upload malicious files or send crafted API requests.

3. Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft has released patches for CVE-2025-53770, a critical remote code execution flaw (CVSS 9.8) in on-premises SharePoint Server actively exploited in the wild. The flaw stems from the deserialization of untrusted data. A related spoofing vulnerability, CVE-2025-53771 (CVSS 7.1), was also disclosed and patched with enhanced protections.

Both issues are tied to earlier flaws (CVE-2025-49704 and CVE-2025-49706) used in a ToolShell exploit chain patched in July 2025. Microsoft noted that CVE-2025-53770 is a variant of CVE-2025-49706.

Only on-premises SharePoint versions are affected, including Server 2016, 2019, and Subscription Edition. SharePoint Online is unaffected.

Customers are urged to apply the latest updates, enable AMSI in Full Mode, rotate ASP.NET machine keys, and restart IIS. Over 50 organizations, including banks and universities, have reportedly been compromised since July 18.

CISA has added CVE-2025-53770 to its Known Exploited Vulnerabilities catalog, mandating fixes for U.S. federal agencies by July 21, 2025.

4. EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

Threat actor EncryptHub (aka LARVA-208/Water Gamayun) is targeting Web3 developers with stealer malware, using fake AI platforms like “Norlax AI” to lure victims through job offers and portfolio reviews. Swiss firm PRODAFT revealed the attackers trick targets into clicking meeting links sent via X, Telegram, or job board Remote3. An initial Google Meet call builds trust before redirecting victims to Norlax AI, where a fake audio driver error prompts malware download.

The malware, disguised as a Realtek audio driver, uses PowerShell to deploy Fickle Stealer, harvesting crypto wallets and dev credentials, then sending them to a server dubbed SilentPrism. This marks a shift in EncryptHub’s tactics from ransomware to data theft and resale.

5. Popular npm Linter Packages Hijacked via Phishing to Drop Malware

Several widely used JavaScript libraries, including eslint-config-prettier (30M+ weekly downloads), were hijacked in a supply chain attack after the maintainer, JounQin, fell for a phishing email mimicking npm support. Other impacted packages include eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall.

On July 18, developers noticed suspicious behavior in versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7 of eslint-config-prettier, which lacked corresponding GitHub changes. The attacker used a stolen npm token to inject malicious postinstall scripts running install.js, which executed a trojanized DLL (node-gyp.dll) via Windows’ rundll32.
The malicious DLL is currently flagged by only 19 of 72 antivirus engines on VirusTotal.

Security researcher MalwareUtkonos also flagged a similar compromise of the got-fetch package by a different maintainer, suggesting the same threat actor is behind both attacks. That maintainer has since archived the GitHub repo and deprecated all versions.

Developers are urged to review affected packages and avoid installing compromised versions.
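
One way to run that review against a project, as an added example that is not from the original digest or from npm: it walks the `packages` map of a `package-lock.json` and flags the eslint-config-prettier versions listed above, the other packages the entry names (no versions are given for them, so they are only marked for manual review), and any dependency with install-time scripts. The sample lockfile is constructed.

```javascript
// Added example: flag lockfile entries that match the digest's advisory.
// Versions below are the ones named in the text; nothing else is assumed bad.
const COMPROMISED = new Map([
  ["eslint-config-prettier", ["8.10.1", "9.1.1", "10.1.6", "10.1.7"]],
]);
// Named as impacted in the text without version numbers: report for manual review.
const REVIEW = ["eslint-plugin-prettier", "synckit", "@pkgr/core", "napi-postinstall"];

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

// Walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    const name = packageNameFromPath(path);
    const version = meta.version;
    if ((COMPROMISED.get(name) || []).includes(version)) {
      findings.push({ name, version, reason: "compromised-version" });
    } else if (REVIEW.includes(name)) {
      findings.push({ name, version, reason: "review-named-package" });
    }
    // npm records this flag for packages that declare install-time scripts.
    if (meta.hasInstallScript) {
      findings.push({ name, version, reason: "install-script" });
    }
  }
  return findings;
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/eslint-config-prettier": { version: "10.1.7", hasInstallScript: true },
    "node_modules/synckit": { version: "0.0.0-sample" },
    "node_modules/eslint": { version: "9.0.0" },
    "node_modules/demo/node_modules/eslint-config-prettier": { version: "9.1.0" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.reason}: ${f.name}@${f.version}`);
```

Installing with `npm ci --ignore-scripts` prevents postinstall scripts from running while the findings are triaged.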

6. Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are abusing public GitHub repositories to host malicious payloads and distribute them via Amadey malware. The campaign involves fake GitHub accounts hosting Amadey plugins and tools, delivered using the Emmenhtal loader (aka PEAKLIGHT). The campaign mirrors a February 2025 phishing attack that distributed SmokeLoader via Emmenhtal, targeting Ukrainian organizations. In this latest campaign, Emmenhtal delivers Amadey, which can collect system data and deploy payloads like Lumma, RedLine, and Rhadamanthys Stealers. Some JavaScript and Python scripts in the GitHub repos are updated versions of Emmenhtal loaders.
GitHub has since taken down the fake accounts, but the activity reflects broader malware-as-a-service (MaaS) abuse of trusted platforms.

Meanwhile, Trellix reported SquidLoader targeting financial firms in Hong Kong. It employs advanced anti-analysis features and drops Cobalt Strike beacons.


Programmer’s Digest #143

07/09/2025-07/16/2025 Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability, Critical mcp-remote Vulnerability, Patch for Critical SQL Injection Flaw And More.

1. Google AI “Big Sleep” Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act

Google announced that its AI-assisted vulnerability detection system, Big Sleep, uncovered a critical flaw (CVE-2025-6965, CVSS 7.2) in the SQLite database before it could be exploited. The memory corruption bug, affecting versions prior to 3.50.2, could allow attackers to trigger an integer overflow via arbitrary SQL injection. Google described this latest discovery as the first known case where an AI directly prevented a real-world exploit.

To ensure AI agents like Big Sleep operate safely, Google published a white paper outlining a hybrid security model. It combines traditional, rule-based controls with dynamic AI reasoning to create “defense-in-depth” safeguards. These enforced boundaries aim to reduce risks such as prompt injection and unauthorized actions.

2. Critical mcp-remote Vulnerability Exposes LLM Clients to Remote Code Execution Attacks

A critical vulnerability, CVE-2025-6514 (CVSS 9.6), affects versions 0.0.5–0.1.15 of the mcp-remote project, allowing remote code execution (RCE) via untrusted MCP server connections. The flaw poses serious risks to LLM clients (e.g., Claude Desktop) by enabling OS command injection through malicious authorization_endpoint values during OAuth metadata discovery.

Attackers can exploit this either by hosting a malicious MCP server or via man-in-the-middle attacks over unsecured HTTP connections. On Windows systems, the issue stems from PowerShell’s subexpression evaluation, enabling arbitrary command execution—such as writing files or running system commands—without proper validation.

Remediation steps:

  • Update to mcp-remote v0.1.16 immediately.
  • Use HTTPS-only connections to trusted servers.
  • Audit MCP configurations and remove any HTTP-based endpoints.
  • Enforce strict trust policies for remote servers.

With LLM platforms increasingly integrating MCP, maintaining secure configurations and monitoring for similar threats is critical to preventing system compromise.
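
The audit step from the remediation list, as an added example that is not part of the original digest or the mcp-remote project: it scans a client config for servers launched through mcp-remote and reports versions in the affected range, versions it cannot determine, plain-HTTP endpoints, and HTTPS hosts outside an allowlist. The `mcpServers`/`command`/`args` layout is assumed to follow the Claude Desktop config format; `trustedHosts`, the server names and the hosts are constructed placeholders.

```javascript
// Added example: audit an MCP client config for risky mcp-remote entries.
// Affected range (0.0.5 to 0.1.15) comes from the digest text above.
const VULN_MIN = [0, 0, 5];
const VULN_MAX = [0, 1, 15];

function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text || "");
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// trustedHosts is a hypothetical allowlist maintained by the reader.
function auditMcpConfig(config, trustedHosts) {
  const findings = [];
  for (const [server, def] of Object.entries(config.mcpServers || {})) {
    const args = def.args || [];
    const pkg = args.find((a) => /^mcp-remote(@.*)?$/.test(a));
    if (!pkg) continue; // server does not go through mcp-remote
    const version = parseVersion(pkg.split("@")[1]);
    if (!version) {
      findings.push({ server, issue: "version-unknown" });
    } else if (compareVersions(version, VULN_MIN) >= 0 && compareVersions(version, VULN_MAX) <= 0) {
      findings.push({ server, issue: "vulnerable-version" });
    }
    for (const arg of args) {
      let url;
      try { url = new URL(arg); } catch { continue; } // not a URL argument
      if (url.protocol === "http:") {
        findings.push({ server, issue: "http-endpoint" });
      } else if (url.protocol === "https:" && !trustedHosts.includes(url.hostname)) {
        findings.push({ server, issue: "untrusted-host" });
      }
    }
  }
  return findings;
}

// Constructed sample config; hosts and server names are placeholders.
const SAMPLE_CONFIG = { mcpServers: {
  "internal-docs": { command: "npx", args: ["-y", "mcp-remote@0.1.15", "http://mcp.example.internal/sse"] },
  tracker: { command: "npx", args: ["-y", "mcp-remote@0.1.16", "https://mcp.example.com/sse"] },
  scratch: { command: "npx", args: ["mcp-remote", "https://unknown.example.net/sse"] },
  "local-fs": { command: "node", args: ["server.js"] },
} };

for (const f of auditMcpConfig(SAMPLE_CONFIG, ["mcp.example.com"])) console.log(`${f.server}: ${f.issue}`);
```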

3. Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet has patched a critical vulnerability (CVE-2025-25257, CVSS 9.6) in FortiWeb that allows unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP/HTTPS requests. The flaw stems from improper input sanitization in the get_fabric_user_by_token function, part of the Fabric Connector component, and affects multiple API endpoints.

Exploiting this SQL injection can lead to remote code execution by using SQL’s SELECT ... INTO OUTFILE to write and execute malicious files on the system, which runs queries under the mysql user.

Impacted versions include:

  • FortiWeb 7.6.0–7.6.3 (fix: update to 7.6.4+)
  • 7.4.0–7.4.7 (update to 7.4.8+)
  • 7.2.0–7.2.10 (update to 7.2.11+)
  • 7.0.0–7.0.10 (update to 7.0.11+)

Fortinet recommends disabling the HTTP/HTTPS admin interface as a temporary workaround and urges users to apply patches immediately due to past exploitation of Fortinet vulnerabilities.

4. Hackers Are Exploiting Critical RCE Flaw In Wing FTP Server

Hackers began exploiting a critical RCE vulnerability (CVE-2025-47812) in Wing FTP Server just one day after technical details became public. The flaw combines a null byte and Lua code injection, allowing unauthenticated remote attackers to execute code as root/SYSTEM on affected systems (v7.4.3 and earlier).

The vulnerability stems from unsafe handling of null-terminated strings and poor input sanitization. By injecting a null byte in the username field, attackers can bypass authentication and inject Lua code into session files, leading to arbitrary code execution.

Security firm Huntress observed real-world attacks using this flaw to gain persistence, run recon commands, and attempt malware downloads via certutil. At least five IP addresses targeted a customer’s server, indicating mass scanning.
Three additional flaws (CVE-2025-27889, -47811, -47813) were also disclosed, exposing passwords and file paths.

Users must upgrade to version 7.4.4. If not possible, disable web portal access, restrict anonymous logins, and monitor the session directory for suspicious files.

5. CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CISA has added a critical vulnerability in Citrix NetScaler ADC and Gateway (CVE-2025-5777, CVSS 9.3) to its KEV catalog, confirming active exploitation in the wild. Dubbed Citrix Bleed 2, the flaw stems from insufficient input validation, allowing unauthenticated attackers to perform memory overreads and steal sensitive session data.

First reported in mid-June 2025, attackers have leveraged it to extract session tokens and access internal systems. Exploitation attempts have been traced to 10 IPs from multiple countries, with links to RansomHub ransomware.

Citrix released a patch (version 14.1-43.56+) on June 17. Admins are urged to update immediately and terminate all active sessions to prevent token reuse. Logs should be reviewed for suspicious authentication endpoint activity.

The flaw allows remote code execution and lateral movement in hybrid IT environments. CISA mandated federal agencies to patch within 24 hours. Another Citrix flaw (CVE-2025-6543) is also being exploited.
