Cybersecurity

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

801
 
 

ChatGPT competitor DeepSeek has been hit with “large-scale malicious attacks” that forced the company to limit app registrations.

#ChatGPT #DeepSeek #AI #cyberattack #cybersecurity #app

https://cnews.link/deepseek-limits-registration-cyberattack-1/

802
 
 

📣 EMERGENCY UPDATE 📣

Apple pushed additional updates for a zero-day that may have been actively exploited.

🐛 CVE-2025-24085 (CoreMedia) additional patches:

  • visionOS 2.3

#apple #cybersecurity #infosec #security #ios

803
 
 

🐛 NEW SECURITY CONTENT 🐛

🥽 visionOS 2.3 - 21 bugs fixed
https://support.apple.com/en-us/122073

#apple #cybersecurity #infosec #security #ios

804
 
 

More than half of the American population were affected by the ransomware attack on Change Healthcare last year. @Techcrunch has put together a timeline of the events, from the first cybersecurity report to the multi-million dollar ransom and the growing number of people impacted.

https://flip.it/NC6s6M

#Cybersecurity #Ransomware #dataBreach

805
 
 

📣 EMERGENCY UPDATE 📣

Apple pushed updates for a new zero-day that may have been actively exploited.

🐛 CVE-2025-24085 (CoreMedia):

  • iOS and iPadOS 18.3
  • macOS Sequoia 15.3
  • tvOS 18.3
  • watchOS 11.3

#apple #cybersecurity #infosec #security #ios

806
 
 

⚒️ FIXED IN iOS and iPadOS 18.3 ⚒️

#apple #cybersecurity #infosec #security #ios

807
 
 

🐛 NEW SECURITY CONTENT 🐛

💻 macOS Sequoia 15.3 - 61 bugs fixed
https://support.apple.com/en-us/122068
💻 macOS Sonoma 14.7.3 - 41 bugs fixed
https://support.apple.com/en-us/122069
💻 macOS Ventura 13.7.3 - 31 bugs fixed
https://support.apple.com/en-us/122070
📱 iOS and iPadOS 18.3 - 29 bugs fixed
https://support.apple.com/en-us/122066
⌚ watchOS 11.3 - 18 bugs fixed
https://support.apple.com/en-us/122071
📺 tvOS 18.3 - 18 bugs fixed
https://support.apple.com/en-us/122072
📱 iPadOS 17.7.4 - 17 bugs fixed
https://support.apple.com/en-us/122067
🌐 Safari 18.3 - 7 bugs fixed
https://support.apple.com/en-us/122074

#apple #cybersecurity #infosec #security #ios

808
 
 

Tangerine Turkey is a VBS worm spreading via USB drives to install crypto mining malware.

#USB #CyberSecurity #crypto #cybercrime #cyberattacks

https://cnews.link/crypto-mining-worm-global-campaign-2/

809
 
 

Hackers are increasingly ‘salting’ scam emails with text invisible to human readers, which deceives security systems.

#HTML #cyberattacks #CyberSecurity #email #spam #hacker

https://cnews.link/hackers-evading-email-spam-filters-using-hidden-text-1/

810
 
 

A critical flaw in Meta’s AI framework allowed attackers to remotely deploy malware directly on the server hosting AI apps.

#META #AI #app #cybersecurity #cybercrime #server

https://cnews.link/meta-rushes-fix-critical-llama-stack-vulnerability-3/

811
 
 

The British Museum was forced to partially close last week after a former employee attacked its IT infrastructure.

#UK #cybersecurity #IT #cybercrime #TheGuardian

https://cnews.link/british-museum-systems-cyber-sabotage-1/

812
 
 

190 million people in America were affected by last year’s ransomware attack on UnitedHealth — nearly double previous estimates. @Techcrunch has more:

https://flip.it/orIBk-

#Tech #UnitedHealthCare #Technology #Ransonware #CyberSecurity

813
 
 

🔄 1 ENTRY CHANGE 🔄

📱 iOS and iPadOS 18 - 1 updated
https://support.apple.com/en-us/121250

#apple #cybersecurity #infosec #security #ios

814
 
 

"A pseudonymous coder has created and released an open source “tar pit” to indefinitely trap AI training web crawlers in an infinitely, randomly-generating series of pages to waste their time and computing power. The program, called Nepenthes after the genus of carnivorous pitcher plants which trap and consume their prey, can be deployed by webpage owners to protect their own content from being scraped or can be deployed “offensively” as a honeypot trap to waste AI companies’ resources.

“It's less like flypaper and more an infinite maze holding a minotaur, except the crawler is the minotaur that cannot get out. The typical web crawler doesn't appear to have a lot of logic. It downloads a URL, and if it sees links to other URLs, it downloads those too. Nepenthes generates random links that always point back to itself - the crawler downloads those new links. Nepenthes happily just returns more and more lists of links pointing back to itself,” Aaron B, the creator of Nepenthes, told 404 Media.

“Of course, these crawlers are massively scaled, and are downloading links from large swathes of the internet at any given time,” they added. “But they are still consuming resources, spinning around doing nothing helpful, unless they find a way to detect that they are stuck in this loop.”"

https://www.404media.co/developer-creates-infinite-maze-to-trap-ai-crawlers-in/

#AI #GenerativeAI #AITraining #WebCrawling #CyberSecurity

815
 
 

"Parents, students, teachers, and administrators throughout North America are smarting from what could be the biggest data breach of 2025: an intrusion into the network of a cloud-based service storing detailed data of millions of pupils and school personnel.

The hack, which came to light earlier this month, hit PowerSchool, a Folsom, California, firm that provides cloud-based software to some 16,000 K–12 schools worldwide. The schools serve 60 million students and employ an unknown number of teachers. Besides providing software for administration, grades, and other functions, PowerSchool stores personal data for students and teachers, with much of that data including Social Security numbers, medical information, and home addresses."

https://arstechnica.com/security/2025/01/students-parents-and-teachers-still-smarting-from-breach-exposing-their-info/

#USA #CyberSecurity #DataBreaches #Schools #CloudComputing

816
 
 

Warning: Do not trust *.g.co urls! #GoogleWorkspace domain verification seems to be quite lax and allow arbitrary .g.co to be created. This allows for extremely convincing #phishing to be performed where all communication appears to be coming from "google".

ref. https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4

#infosec #cybersecurity

817
 
 

Check out the program for the Software Heritage Symposium 2025, featuring panels on #CyberSecurity, #AI transparency, #openscience, and more. Join us in Paris or online: https://www.softwareheritage.org/2024/11/19/software-heritage-2025-symposium-summit/

818
 
 

SonicWall alerts users about a critical 9.8 out of 10 vulnerability affecting its widely used unified, secure access gateways from the SMA 1000 series.

#Network #cybersecurity #DataSecurity #vulnerability

https://cnews.link/sonicwall-warns-about-critical-vulnerability-1/

819
 
 

How ready is the open source community for cybersecurity regulations? 🛡️

Take our Cyber Resiliency Survey to share your insights on the Cyber Resilience Act and ways to support contributors in meeting security standards.

📋 Take the survey now: https://www.research.net/r/MR35RMF
#CyberResilience #OpenSource #CyberSecurity

820
 
 

"This decision sheds light on the government’s liberal use of what is essentially a “finders keepers” rule regarding your communication data. As a legal authority, FISA Section 702 allows the intelligence community to collect a massive amount of communications data from overseas in the name of “national security.” But, in cases where one side of that conversation is a person on US soil, that data is still collected and retained in large databases searchable by federal law enforcement. Because the US-side of these communications is already collected and just sitting there, the government has claimed that law enforcement agencies do not need a warrant to sift through them. EFF argued for over a decade that this is unconstitutional, and now a federal court agrees with us."

https://www.eff.org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional

#USA #Surveillance #PoliceState #Section702 #Backdoors #CyberSecurity #Privacy

821
 
 

▪️ @cybernews@infosec.exchange research ▪️ Entire Georgian country population exposed in a massive data leak.

#cybersecurity #datasecurity #dataprivacy #database #Georgia

https://cnews.link/entire-georgian-country-population-exposed-3/

822
 
 

International AIDS Vaccine Initiative (IAVI), a global non-profit working to develop vaccines for AIDS and HIV, had people’s sensitive details stolen.

#cybersecurity #vaccines #AIDS #HIV #DataSecurity #infosec

https://cnews.link/aids-vaccine-non-profit-hacker-attack-1/

823
 
 

A nuclear war would dominate news and social media until the end. Cyber warfare, though less visible, is already underway, experts say.

#cybersecurity #nuclear #news #cybercrime #infosec

https://cnews.link/wef-cyber-frontlines-war-cybersecurity-cloudflare-1/

824
 
 

Nearly 50,000 vulnerable Fortinet devices are still accessible online despite the rushed patch addressing a widely exploited zero-day.

#cybersecurity #vulnerability #Fortinet #Security

https://cnews.link/nearly-50k-fortinet-devices-left-unpatched-widely-exploited-1/

825
 
 

Fewer than 10% of companies paying a ransom recover all their data, a Hiscox survey reveals.

#cybersecurity #data #ransom #cybercrime #cyberattack

https://cnews.link/ransomware-attacks-increase-data-recovery-survey-1/
