February 3, 2025

News roundup February 3, 2025

SAN MATEO, CA, February 3, 2025 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Sponsored by NetworkTigers.

DeepSeek security lapse highlights rapid AI development concerns

A flaw at Chinese AI startup DeepSeek exposed over a million lines of log streams, chat logs, API keys, backend details, and operational metadata. The leak was possibly due to security lapses within the platform that resulted in two open ports leading to a ClickHouse database that did not require authentication to access. Wiz Research, the organization that discovered the flaw, said, “An attacker with access to this database could exploit it to retrieve plaintext passwords, sensitive server data, and other confidential information.” Wiz Research alerted DeepSeek to the flaw, and then secured the database and fixed the issue. “As organizations race to adopt AI, the security frameworks designed to safeguard sensitive data are often overlooked,” said a spokesperson for Wiz Research. “This incident serves as a wake-up call for the entire industry.” Read more.

Patched AI vulnerability permitted control over cloud studios

Lightning.AI, a popular platform for developing AI systems, had a parameter within its JavaScript code that could have been “manipulated to give an attacker virtually unfettered access to a user’s cloud studio, as well as the ability to execute arbitrary code, exfiltrate sensitive data and create, modify or delete files,” according to a report from security firm Noma. Noma’s Gal Moyal said that the flaw, had it been exploited, could have had the power to “shut down essentially everything you own… This is every secret that you own; your AWS account, your platform within Lightning.AI, anything that was connected to Lightning.AI can now be used by a malicious actor to their want.” The parameter is said to have likely been a mistake that someone forgot to delete. “We are in an AI world where everything is fast-paced,” Moyal said. “There is very high, accelerated adoption of AI, and right now, I feel like this is a very fertile ground for mistakes and bugs.” Read more.

DeepSeek AI model causes U.S. market dive

DeepSeek, the currently trending Chinese AI app, stores the data of its users “in secure servers located in the People’s Republic of China” and raises the same concerns as TikTok about privacy and national security. DeepSeek has been downloaded over 2 million times and is topping the charts in Apple’s and Google’s app marketplaces. Additionally, DeepSeek is said to have been built with no Nvidia hardware for only $6 million, whereas OpenAI’s ChatGPT cost over $100 million to train. While some dispute the claim, it was enough to cause a loss of more than $1 trillion in U.S. market value as investors reacted to the possibility that Nvidia’s complex, next-gen product may not be needed to power future AI models. Read more.

AI implementation caused API vulnerabilities to surge

According to Wallarm’s 2025 API ThreatStats Report, AI-driven API vulnerabilities have surged by 1,205% over the past year. The data in the report indicates that more than 50% of all exploited vulnerabilities recorded by CISA were API-related, which marks a substantial spike compared to 2023’s 20%, and that 57% of AI-powered APIs were externally accessible. Only 11% had robust security measures, whereas 89% lacked authentication. The report also states that 99% of AI-related vulnerabilities are tied to API flaws. Wallarm recommends that organizations “prioritize API security to protect their operations, data, and reputation.” Read more.

Scareware blocker for Edge tested by Microsoft

Microsoft is debuting a new tool within its Edge browser called “scareware blocker” that “uses machine learning and computer vision to identify a very pervasive type of online scam.” Scareware is a term used to refer to pop-ups or other prompts and ads that intend to fool users into believing that a virus has been found on their device. Microsoft’s new tool “will exit full-screen mode, stop any audio playback (e.g., an alarm or voice) that might accompany the scam, and give the user the option to continue to the page or close it completely” if it suspects potential scareware. To do so, the tool uses machine learning and computer vision, which raises some privacy concerns. Read more.

Data stolen from browsers in new side-channel attacks on Apple CPUs

According to researchers, Apple’s latest processors are vulnerable to new side-channel attacks that could allow threat actors to steal data from web browsers. The vulnerabilities are due to “faulty speculative execution implementation, the underlying cause of notorious attacks like Spectre and Meltdown.” The attacks, dubbed FLOP and SLAP, take advantage of features designed to speed up processing by predicting instructions instead of waiting for them. The researchers say that “mispredictions in these mechanisms can result in arbitrary computations being performed on out-of-bounds data or wrong data values.” These mispredictions can allow for escaping the web browser sandbox and “reading cross-origin personally identifiable information on Safari and Chrome.” Read more.

PayPal to pay $2 million over 2022 data breach

PayPal will have to pay New York State $2 million over charges that it did not comply with the state’s cybersecurity regulations and was therefore responsible for a 2022 data breach. The Department of Financial Services (DFS) action says that the lapses in PayPal’s security provided an environment in which threat actors could engage in a successful credential-stuffing attack that affected 35,000 accounts. The announcement from New York highlights that one of PayPal’s security issues was related to how Form 1099-K tax forms were distributed to customers. “Customer data was exposed after PayPal implemented changes to existing data flows to make IRS Form 1099-Ks available to more of its customers,” explains DFS. “However, the teams tasked with implementing these changes were not trained on PayPal’s systems and application development processes. As a result, they failed to follow proper procedures before the changes went live.” Read more.

Alert: Lumma Stealer spread through fake Reddit and WeTransfer sites

Sekoia researcher crep1x has discovered nearly 1,000 fraudulent web pages mimicking Reddit and WeTransfer that trick users into downloading the Lumma Stealer malware. “On the fake pages, the threat actor is abusing the Reddit brand by showing a fake discussion thread on a specific topic. The thread creator asks for help to download a specific tool, another user offers to help by uploading it to WeTransfer and sharing the link, and a third thanks him to make everything appear legitimate.” Clicking the link will take the victim to a fake WeTransfer site where the “download” button leads to the Lumma Stealer payload. Lumma Stealer can collect passwords, session tokens, and more. Read more.

Breach of Change Healthcare said to affect 190 million people

The estimated impact of the Change Healthcare breach, already the largest healthcare data breach on record, has doubled, and the breach is now said to have impacted 190 million customers. In a statement to Infosecurity, the company said that its first estimate of impacted victims was shy by 90 million, and the final number of affected people will be sent to the U.S. Department of Health and Human Services Office for Civil Rights. The company is still “not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis.” Compromised data includes customer contact details, health insurance and billing information, including card and banking details, Social Security numbers, and driver’s license details. Read more.

Five indicted for North Korean fake IT worker scam

Two U.S. nationals, a Mexican national, and two North Korean nationals have been indicted for their involvement in a scam that sees North Korean citizens obtain IT-related employment in another country to funnel money to Pyongyang. The defendants are accused of collecting $866,255 in revenue from 10 U.S. companies while “gaining employment from at least 64 American firms throughout the scheme, which ran from approximately April 2018 through August 2024.” The U.S. defendants are alleged to have hosted laptops at their residences, where the North Korean workers were able to use them via remote access software. “Forged and stolen identity documents, including U.S. passports with stolen personally identifiable information of an American individual, were used to obscure the actual identities of Jin, Pak and other co-conspirators from North Korea, according to the indictment.” Read more.


Ben Walker
Ben Walker is a freelance research-based technical writer. He has worked as a content QA analyst for AT&T and Pernod Ricard.
