InfoSecBulletin Cybersecurity for mankind
This week, multiple research teams showcased jailbreaks for popular AI models, including OpenAI’s ChatGPT, DeepSeek, and Alibaba’s Qwen. After its launch, the open-source R1 model by Chinese company DeepSeek caught the attention of the cybersecurity industry. Experts found that jailbreak methods, previously patched in other AI models, still function against …
Read More »TimeLine Layout
February, 2025
-
2 February
Paragon Attack WhatsApp With New Zero-Click Spyware
WhatsApp reveiled on Friday that a “zero-click” spyware attack, linked to the Israeli company Paragon, has targeted many users globally, including journalists and civil society members. The spyware targeted almost 100 WhatsApp users, including journalists, and operated without user interaction, links, or attachments, making it particularly dangerous. Reuters reported that …
Read More » -
1 February
Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio
At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company’s $25 million settlement with Donald Trump, which includes $22 million for the future Trump Presidential Library. But Zuckerberg did say that he had to be increasingly careful about what he says internally at Meta. “Everything …
Read More » -
1 February
Indian tech giant Tata Tech hit by ransomware attack
Tata Technologies reported a ransomware incident affecting some IT services, but it did not disrupt client deliveries, according to a company filing with BSE and the National Stock Exchange of India. Tata Technologies filed the disclosure on January 31, as required by SEBI regulations. Tata Technologies reported that a ransomware …
Read More »
January, 2025
-
31 January
Vulnarabilitties found in Cisco webex and VMware Aria operation
A serious cybersecurity flaw in Cisco Webex Chat has been discovered, allowing unauthorized attackers to access the chat histories of organizations using the platform. Identified in July 2024, the flaw exposed sensitive communications from potentially thousands of organizations, including IT help desks and customer service operations. Proof-of-Concept and Real-World Impact: …
Read More » -
31 January
Microsoft to boost M365 bounty program rewards Up to $27,000
Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for identifying vulnerabilities, offering rewards up to $27,000 for critical submissions. This update highlights Microsoft’s commitment to improving software security and promoting global collaboration in finding vulnerabilities. The expanded scope introduces …
Read More » -
31 January
DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek
Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured ClickHouse instances are believed to have exposed over a million log entries that include user chat histories in plaintext, along with API keys, backend information, and operational metadata. Wiz Research …
Read More » -
30 January
Microsoft brings DeepSeeK to Azure AI Foundry and GitHub
Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate the R1 model into their AI applications. R1 is gaining attention for being trainable at a much lower cost than top AI models like those from OpenAI. DeepSeek’s R1 model …
Read More » -
30 January
Hackers leverage Google’s subdomains, phone number to attack victims
Scammers called a victim using Google’s official support number and sent an email from an official subdomain. It’s unclear how they managed to use Google’s services. Software engineer Zach Latta, founder of Hack Club, reported a unique attack on GitHub. Chloe called Latta from 650-203-0000, identified as “Google.” According to …
Read More » -
30 January
DeepSeek Sensitive data exposed To Web: Wiz report
New York-based cybersecurity firm Wiz has discovered sensitive data from the Chinese AI startup DeepSeek that was accidentally exposed on the internet. In a blog post, Wiz reported that scans of DeepSeek’s infrastructure revealed over a million unsecured data lines. This data contained digital software keys and chat logs that …
Read More »