Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for identifying vulnerabilities, offering rewards up to $27,000 for critical submissions. This update highlights Microsoft’s commitment to improving software security and promoting global collaboration in finding vulnerabilities. The expanded scope introduces …

Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured ClickHouse instances are believed to have exposed over a million log entries that include user chat histories in plaintext, along with API keys, backend information, and operational metadata. Wiz Research …

Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate the R1 model into their AI applications. R1 is gaining attention for being trainable at a much lower cost than top AI models like those from OpenAI. DeepSeek’s R1 model …

Scammers called a victim using Google’s official support number and sent an email from an official subdomain. It’s unclear how they managed to use Google’s services. Software engineer Zach Latta, founder of Hack Club, reported a unique attack on GitHub. Chloe called Latta from 650-203-0000, identified as “Google.” According to …

New York-based cybersecurity firm Wiz has discovered sensitive data from the Chinese AI startup DeepSeek that was accidentally exposed on the internet. In a blog post, Wiz reported that scans of DeepSeek’s infrastructure revealed over a million unsecured data lines. This data contained digital software keys and chat logs that …

FirePass, a fire prevention and suppression system is officially started its operation in Bangladesh. Smart Data brings the world class technology for Bangladesh. What is FirePass? FirePass, a fire prevention and suppression system. FirePASS® Corporation was established in 2001 in New York U.S.A. after the Phenomenon of ignition suppression in …

A newly found XSS vulnerability, CVE-2024-57514, in the TP-Link Archer A20 v3 Router has raised security concerns for users. CVE-2024-57514 is a flaw in firmware version 1.0.6 Build 20231011 rel.85717(5553) that lets attackers run arbitrary JavaScript code via the router’s web interface, posing a risk of exploitation. Discovery of the Vulnerability: …

Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series devices, known as CVE-2024-40891. The critical, unpatched vulnerability has left more than 1,500 devices worldwide at risk, according to Censys. About the Vulnerability – CVE-2024-40891: CVE-2024-40891 is a vulnerability that lets …

Apple has issued security updates to address a zero-day flaw affecting iPhone users that is currently being exploited in attacks. A zero-day vulnerability, CVE-2025-24085, has been fixed today. It affects Apple’s Core Media framework and allows privilege escalation on iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. “A malicious application may …

DeepSeek, a Chinese AI startup that recently surpassed OpenAI’s ChatGPT as the top free app on Apple’s App Store in the U.S., is experiencing a major cyber attack and has limit new user registrations. Founded in 2023, DeepSeek has rapidly become a strong contender in the AI industry, specializing in …