
How we found +2k vulns, 400+ secrets and 175 PII instances in publicly exposed apps built on vibe-coded platforms (Research methodology)

published on 2025-10-30 15:53:10 UTC by /u/PriorPuzzleheaded880
Content:

I think one of the interesting parts of the methodology is that, due to the structure of the integration between Lovable front-ends and Supabase backends via API, and the fact that certain high-value signals (for example, anonymous JWTs to APIs linking Supabase backends) only appear in frontend bundles or source output, we needed to introduce a lightweight, read-only scan to harvest these artifacts and feed them back into the attack surface management inventory.

Here is the blog article that describes our methodology in depth.

In a nutshell, we found:

- 2k medium vulns, 98 highly critical issues

- 400+ exposed secrets

- 175 instances of PII (including bank details and medical info)

- Several confirmed BOLA, SSRF, 0-click account takeover and others


https://www.reddit.com/r/netsec/comments/1ok3ffd/how_we_found_2k_vulns_400_secrets_and_175_pii/   
Published: 2025 10 30 15:53:10
Received: 2025 10 30 16:03:27
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security