InfoSecBulletin Cybersecurity for mankind
New York-based cybersecurity firm Wiz has discovered sensitive data from the Chinese AI startup DeepSeek that was accidentally exposed on the internet.
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
In a blog post, Wiz reported that scans of DeepSeek’s infrastructure revealed over a million unsecured data lines. This data contained digital software keys and chat logs that recorded user prompts sent to the company’s free AI assistant.
Wiz’s chief technology officer said DeepSeek quickly secured the data after his firm alerted them.
“They took it down in less than an hour,” Ami Luttwak said. “But this was so simple to find we believe we’re not the only ones who found it.”
DeepSeek did not immediately return a message seeking comment.
DeepSeek’s rapid success with its AI assistant has excited China while worrying the U.S. The company’s ability to compete with OpenAI at a lower cost raises concerns about the profitability of American AI giants like Nvidia and Microsoft.
By Monday, it surpassed ChatGPT in downloads on Apple’s App Store, leading to a global decline in tech stocks.
