Supabase — Cyber Threats, Attacks & Incidents

Threat entity extracted from intelligence sources

Frequency
13
occurrences
First Seen
February 2, 2026
Last Seen
June 30, 2026

Supabase is a technology platform tracked across 9 threat clusters and 13 intelligence report mentions on ThreatCluster. First observed February 2, 2026; most recent activity June 30, 2026.

Related Threat Clusters

  • Gamaredon Exploits WinRAR Vulnerability in Ongoing Ukraine Campaign

    Gamaredon, a Russian state-backed APT group, is actively exploiting a WinRAR vulnerability (CVE-2025-8088) to deploy malware against Ukrainian government and military targets. The attack begins with a spearphishing…

    7 articles · Updated June 2, 2026
  • Gamaredon APT Escalates Cyber Operations Against Ukraine in 2025

    The Gamaredon group, a Russian-aligned APT, has significantly upgraded its cyber capabilities in 2025, focusing on spear-phishing campaigns against Ukrainian targets. ESET Research reports that Gamaredon conducted 35…

    7 articles · Updated June 25, 2026
  • Bitdefender Alerts on APT36's New AI 'Vibeware' Targeting India

    Bitdefender has reported a new AI-driven attack model termed 'vibeware', which generates numerous disposable malware variants. This tactic is linked to APT36 (Transparent Tribe), a Pakistan-aligned threat actor that has…

    8 articles · Updated March 6, 2026
  • Vibe-Coded Apps Expose Sensitive Data on Open Web

    Recent research revealed that over 5,000 vibe-coded applications, created using platforms like Lovable and Base44, exposed sensitive corporate and personal data. The cybersecurity firm RedAccess found that approximately…

    7 articles · Updated May 9, 2026
  • Lovable Faces Backlash Over Data Exposure Due to BOLA Vulnerability

    Lovable, a vibe-coding platform, is under scrutiny after a researcher revealed a significant data exposure issue affecting all projects created before November 2025. The researcher, known as @weezerOSINT, demonstrated…

    6 articles · Updated April 21, 2026
  • Lovable Platform Hosts Vulnerable App Exposing 18,000 Users' Data

    Vibe-coding platform Lovable has been implicated in hosting an app with 16 vulnerabilities, including six critical ones, discovered by tech entrepreneur Taimur Khan. The vulnerabilities led to the exposure of personal…

    2 articles · Updated February 27, 2026
  • State-Sponsored Hackers Exploit Google's Gemini AI for Cyberattacks

    State-backed hackers from China, Iran, North Korea, and Russia are utilizing Google's Gemini AI model to facilitate various stages of cyberattacks, including reconnaissance and post-compromise actions. Notably, the…

    162 articles · Updated February 12, 2026
  • Malicious NuGet Package Targets Stripe Developers

    Cybersecurity researchers have identified a malicious NuGet package named StripeApi.Net that impersonates Stripe's official .NET library, Stripe.net. This incident represents a shift in threat actors' tactics from…

    2 articles · Updated February 25, 2026
  • Moltbook's Security Flaw Exposes AI-Only Social Network Risks

    Moltbook, an AI-driven social network launched in late January 2026, allows AI agents to interact without human oversight. Shortly after its debut, security researchers identified a critical vulnerability that…

    16 articles · Updated February 1, 2026

Recent Intelligence Reports

  • Gamaredon 2025 Leveraging Tunnels Workers Dead Drops New Alliances — www.welivesecurity.com · June 30, 2026
  • Gamaredon Uses GammaPhish and GammaWorm in Ukraine — Socprime · June 2, 2026
  • Methodology How We Discovered Vulnerabilities Apps Built With Vibe Coding — escape.tech · May 9, 2026
  • 5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis — Venturebeat · May 9, 2026
  • Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is ... — Thenextweb · April 21, 2026
  • Lovable goes on ego trip denying vulnerability, then blames others for said vulnerability — Cybernews · April 21, 2026
  • Bitdefender warns of AI 'vibeware' targeting India — Securitybrief.Au · March 6, 2026
  • Vibe coded Lovable — News.Ycombinator · February 27, 2026

CVSS v3.1 Breakdown