Uncategorized

Britain’s security officials have ordered that Apple create a so-called ‘back door’ allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, The Washington Post reported on Friday citing people familiar with the matter. Rather than break the security promises it made to its …

A critical vulnerability (CVE-2025-0411) in the file archiving tool 7-Zip is being actively exploited, mainly targeting Ukrainian organizations. It has been included in CISA’s database of known exploited vulnerabilities. This flaw lets attackers bypass Windows’ Mark-of-the-Web (MoTW) security, allowing them to run malicious code. CISA has added CVE-2025-0411, a critical …

A threat actor has reportedly acquired login details, including passwords and email addresses, for 20 million OpenAI accounts. GBHackers report states that an underground forum user claimed to sell a sample of data and the full batch for a low price. The authenticity of these claims is unverified, but the situation …

A recent Aqua Security report highlights major security risks in Kubernetes policy enforcement, especially with Open Policy Agent (OPA) Gatekeeper. Although OPA Gatekeeper is commonly used for security policies in Kubernetes, researchers found methods to bypass its controls due to frequent misconfigurations and weak policies. According to the report, “Implementing …

F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources. When name-based virtual hosts are configured to share the same IP address and port combination, with TLS …

Ransomware payments dropped by 35% last year compared to 2023, despite an increase in the number of attacks, according to a new report from Chainalysis. Despite claims from cybersecurity firms that ransomware activity peaked in 2024, there has been a significant drop in extortion payments. Chainalysis also noted in its …

Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total cost of roughly $30. The news raises questions about whether developing advanced AI requires huge budgets or if cheaper alternatives have been ignored by major tech companies. DeepSeek recently launched …

Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for identifying vulnerabilities, offering rewards up to $27,000 for critical submissions. This update highlights Microsoft’s commitment to improving software security and promoting global collaboration in finding vulnerabilities. The expanded scope introduces …

Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured ClickHouse instances are believed to have exposed over a million log entries that include user chat histories in plaintext, along with API keys, backend information, and operational metadata. Wiz Research …

Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate the R1 model into their AI applications. R1 is gaining attention for being trainable at a much lower cost than top AI models like those from OpenAI. DeepSeek’s R1 model …