Sensitive DeepSeek data exposed to web: Cyber firm
In a blog post published Wednesday, Wiz said that scans of DeepSeek's infrastructure showed that the company had accidentally left more than a million lines of data available unsecured. Those included digital software keys and chat logs that appeared to capture prompts being sent from users to the company's free AI assistant.
Wiz's chief technology officer said DeepSeek quickly secured the data after his firm alerted them.
'They took it down in less than an hour,' Ami Luttwak said. 'But this was so simple to find we believe we're not the only ones who found it.'
DeepSeek did not immediately return a message seeking comment.
DeepSeek's practically overnight success following the launch of its AI assistant has thrilled China and sparked anxiety in America. The Chinese company's apparent ability to match OpenAI's capabilities at a much lower cost has posed questions over the sustainability of the business models and profit margins of US AI giants such as Nvidia and Microsoft.
By Monday, it had overtaken US rival ChatGPT in downloads from Apple's App Store, triggering a global selloff in tech shares.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Al Arabiya
2 days ago
- Al Arabiya
OpenAI staff looking to sell $6 billion in stock: Report
Current and former employees of OpenAI are looking to sell nearly $6 billion worth of the ChatGPT maker's shares to investors including SoftBank Group and Thrive Capital, a source familiar with the matter told Reuters on Friday. The potential deal would value the company at $500 billion, up from $300 billion currently, underscoring both OpenAI's rapid gains in users and revenue, as well as the intense competition among artificial intelligence firms for talent. SoftBank, Thrive and Dragoneer Investment Group did not immediately respond to requests for comment. All three investment firms are existing OpenAI investors. Bloomberg News, which had earlier reported the development, said discussions are in early stages and the size of the sale could change. The secondary share sale investment adds to SoftBank's role in leading OpenAI's $40 billion primary funding round. Bolstered by its flagship product ChatGPT, OpenAI doubled its revenue in the first seven months of the year, reaching an annualized run rate of $12 billion, and is on track to reach $20 billion by the end of the year, Reuters reported earlier in August. Microsoft-backed OpenAI has about 700 million weekly active users for its ChatGPT products, a surge from about 400 million in February.
Arab News
3 days ago
- Arab News
Oil Updates — prices maintain gains ahead of Trump-Putin summit
NEW YORK: Oil prices nudged higher on Friday to fresh one-week highs after US President Donald Trump warned of 'consequences' if Russia blocked a Ukraine peace deal, injecting concerns about supply. Sentiment was also boosted by strong economic data out of Japan, which is among the largest global crude importers. Brent crude futures gained 16 cents, or 0.2 percent, to $67.00 a barrel by 03:17 a.m. Saudi time. US West Texas Intermediate crude futures were up 14 cents, also 0.2 percent, to $64.10. All eyes are on Friday's meeting of Trump and Russian leader Vladimir Putin in Alaska, where a ceasefire in the Ukraine war is at the top of the agenda. A continued conflict between Russia and Ukraine supports oil markets by limiting the supply of Russian oil. Trump, however, also said he believes Russia is prepared to end the war in Ukraine. Fresh Japanese government data released on Friday showed the economy expanded an annualised 1.0 percent in the April-June quarter, compared with a median market forecast for a 0.4 percent increase. The rise in gross domestic product translated into a quarterly increase of 0.3 percent, compared with a median estimate of a 0.1 percent increase. Strong economic activity typically spurs oil consumption. Prospects of higher-for-longer US interest rates, however, kept oil prices from rising further. Higher-than-expected inflation data and weak jobs numbers out of the US raised concerns that the Federal Reserve would keep interest rates high, usually a dampener of oil consumption.
Makkah Newspaper
4 days ago
- Makkah Newspaper
Phishing evolves with AI and stealth: Kaspersky highlights biometric and signature risks with attempts increasing by 22.5% in KSA
Kaspersky has detected and blocked over 142 million phishing link clicks globally Q2 2025, the Kingdom of Saudi Arabia saw a 22.5% increase from Q1 in phishing attempts. Currently phishing is going through a shift driven by sophisticated AI-powered deception techniques and innovative evasion methods. Cybercriminals are exploiting deepfakes, voice cloning and trusted platforms like Telegram and Google Translate to steal sensitive data, including biometrics, electronic signatures and handwritten signatures, posing unprecedented risks to individuals and businesses. AI-powered tactics transforming phishing attacks AI has elevated phishing into a highly personalized threat. Large language models enable attackers to craft convincing emails, messages and websites that mimic legitimate sources, eliminating grammatical errors that once exposed scams. AI-driven bots on social media and messaging apps impersonate real users, engaging victims in prolonged conversations to build trust. These bots often fuel romantic or investment scams, luring victims into fake opportunities with AI-generated audio messages or deepfake videos. An example of a phishing email created with DeepSeek (left) and an example of a phishing website created with AI (right) Attackers also create realistic audio and video deepfake impersonations of trusted figures — colleagues, celebrities or even bank officials — to promote fake giveaways or extract sensitive information. For instance, automated calls mimicking bank security teams use AI-generated voices to trick users into sharing two-factor authentication (2FA) codes, enabling account access or fraudulent transactions. Additionally, AI-powered tools analyze public data from social media or corporate websites to launch targeted attacks, such as HR-themed emails or fake calls referencing personal details. Employing new tactics to bypass detection Phishers are deploying sophisticated methods to gain trust, exploiting legitimate services to prolong their campaigns. For instance, Telegram's Telegraph platform, a tool to publish long texts, is used to host phishing content. Google Translate's page translation feature generates links that look like and are used by attackers to bypass security solutions' filters. A phishing page mimicking an Office document hosted on Telegraph (left) and an example of a phishing page hidden behind a URL provided by Google Translate (right) Attackers now also integrate CAPTCHA, a common anti-bot mechanism, into phishing sites before directing users to the malicious page itself. By using CAPTCHA, these fraudulent pages deflect anti-phishing algorithms, as the presence of CAPTCHA is often associated with trusted platforms, lowering the likelihood of detection. A switch in hunting: from logins and passwords to biometrics and signatures The focus has shifted from passwords to immutable data. Attackers target biometric data through fraudulent sites that request smartphone camera access under pretexts like account verification, capturing facial or other biometric identifiers that cannot be changed. These are used for unauthorized access to sensitive accounts or sold on the dark web. Similarly, electronic and handwritten signatures, critical for legal and financial transactions, are stolen via phishing campaigns impersonating platforms like DocuSign or prompting users to upload signatures to fraudulent sites, posing significant reputational and financial risks to businesses. 'The convergence of AI and evasive tactics has turned phishing into a near-native mimic of legitimate communication, challenging even the most vigilant users. Attackers are no longer satisfied with stealing passwords — they're targeting biometric data, electronic and handwritten signatures, potentially creating devastating, long-term consequences. By exploiting trusted platforms like Telegram and Google Translate, and co-opting tools like CAPTCHA, attackers are outpacing traditional defenses. Users must stay increasingly skeptical and proactive to avoid falling victim,' said Olga Altukhova, security expert at Kaspersky. Detailed information is available in a report on Earlier in 2025 Kaspersky detected a sophisticated targeted phishing campaign which was dubbed Operation ForumTroll, as attackers sent personalized phishing emails inviting recipients to the 'Primakov Readings' forum. These lures targeted media outlets, educational institutions and government organizations in Russia. After clicking on the link in the email, no additional action was needed to compromise their systems: the exploit leveraged a previously unknown vulnerability in the latest version of Google Chrome. The malicious links were extremely short-lived to evade detection and in most cases ultimately redirected to the legitimate website for 'Primakov Readings' once the exploit was taken down. To be protected from phishing, Kaspersky recommends: • Verify unsolicited messages, calls, or links, even if they appear legitimate. Never share 2FA codes. • Scrutinize videos for unnatural movements or overly generous offers, which may indicate deepfakes. • Deny camera access requests from unverified sites and avoid uploading signatures to unknown platforms. • Limit sharing sensitive details online, such as document photos or sensitive work information. • Use Kaspersky Next (in corporate environments) or Kaspersky Premium (for individual use) to block phishing attempts.
