SECURITY: DEEPSEEK’S OOPSIE, AI TARPITS, AND APPLE’S LEAKS

🚀 DeepSeek’s AI Model and Security Breach: What You Need to Know

This week, DeepSeek, a rising star in the AI world from China, made headlines with the surprisingly low $5 million training cost of its AI model. But while the tech community buzzes about its potential, a major security lapse has stolen the spotlight.

🔓 The ClickHouse Database Leak

Researchers from Wiz discovered an unintentionally exposed ClickHouse database linked to DeepSeek. This database contained:

  • Chat histories

  • Log streams

  • API keys and sensitive secrets

The discovery wasn’t rocket science—just some basic domain mapping and port scanning. But the implications are huge: anyone with the right tools could access this treasure trove of data.


🤖 AI Tarpit: Fighting Back Against Unwanted AI Crawlers

Are you frustrated that AI companies are scraping your content without permission? Enter Nepenthes, a malicious (but clever) software project designed to waste AI crawlers’ time and resources.

How It Works:

  • Creates a slow-loading website that generates gibberish text.

  • Produces endless unique links, trapping crawlers in an infinite maze.

  • Confirmed to have successfully wasted significant time for multiple AI crawlers.

While AI companies are already working on mitigations, this project highlights the growing tension between content creators and AI developers.

👉 Check out the demo here: AI Tarpit Demo
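
The mechanism in the list above, as an added example that is not Nepenthes' code or part of the original article: each URL seeds a PRNG, so a page renders identically on every visit while linking to eight further pages, and the response is dripped out in small chunks. The `/maze` prefix, syllable list, page sizes and delay are assumptions chosen for this sketch.

```python
import hashlib
import random
import time

# Assumed names and parameters for this sketch (not Nepenthes' own).
PREFIX = "/maze"          # URL prefix the tarpit lives under
LINKS_PER_PAGE = 8
WORDS_PER_PAGE = 120
SYLLABLES = ["ka", "lo", "mi", "ter", "ven", "qua", "si", "dor", "el", "pha", "ru", "ix"]


def _rng_for(path: str) -> random.Random:
    """Seed a PRNG from the path so a given URL always renders the same page."""
    digest = hashlib.sha256(path.encode("utf-8")).digest()
    return random.Random(int.from_bytes(digest[:8], "big"))


def render_page(path: str) -> tuple[str, list[str]]:
    """Return (html, links) for one maze page: gibberish text plus unique child links."""
    rng = _rng_for(path)
    words = ["".join(rng.choice(SYLLABLES) for _ in range(rng.randint(2, 4)))
             for _ in range(WORDS_PER_PAGE)]
    # 64-bit tokens: unique within the page and, in practice, across the whole maze.
    tokens = set()
    while len(tokens) < LINKS_PER_PAGE:
        tokens.add(f"{rng.getrandbits(64):016x}")
    links = [f"{PREFIX}/{t}" for t in sorted(tokens)]
    anchors = "".join(f'<a href="{u}">{words[i]}</a> ' for i, u in enumerate(links))
    html = f"<html><body><p>{' '.join(words)}</p><p>{anchors}</p></body></html>"
    return html, links


def tarpit_app(environ, start_response, delay=1.0, chunk=64):
    """WSGI app that drips the page out in small chunks to hold the connection open."""
    path = environ.get("PATH_INFO", "/")
    body = render_page(path)[0].encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])

    def drip():
        for i in range(0, len(body), chunk):
            time.sleep(delay)
            yield body[i:i + chunk]
    return drip()


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    make_server("127.0.0.1", 8080, tarpit_app).serve_forever()
```

The wsgiref server handles one connection at a time, so this is for local experimentation on 127.0.0.1 only. Keep the prefix disallowed in robots.txt so crawlers that honour it never enter the maze.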


🔍 QR Code Magic: One Image, Two URLs

Researchers are pushing the boundaries of QR codes with a fascinating new trick: embedding multiple URLs in a single QR code.

How It Works:

  • Using dithering techniques, a single QR code can display different URLs depending on the viewing angle or lighting.

  • This builds on earlier experiments with lenticular lenses to create multi-functional QR codes.

Imagine QR codes that change based on lighting conditions or user perspective—this could revolutionize marketing and security applications.


🍎 Apple’s FLOP and SLAP Vulnerabilities

Apple’s A and M chips are under scrutiny after the discovery of two speculative execution flaws:

1. FLOP (False Load Output Predictions):

  • Exploits mispredicted memory contents to access data.

  • Works in Safari and Chrome, allowing arbitrary data leakage.

2. SLAP (Speculation in Load Address Predictions):

  • Exploits mispredicted memory addresses.

  • Demonstrated in Safari, enabling data leaks across browser tabs.

In a chilling demo, a compromised tab read data from ProtonMail running in another tab. While Apple claims these flaws aren’t immediately exploitable, the risks are undeniable.


🔐 Bits and Bytes: Quick Security Updates

  • Fortigate Vulnerability: WatchTowr uncovered a race condition in Fortigate’s jsconsole interface, leading to an authentication bypass and super_admin access.

  • Unicode Woes: Windows’ “Best-Fit” character conversion is causing security headaches, because it can let input bypass checks during Unicode-to-ASCII conversion.

  • COM Object Exploitation: Google’s Project Zero dives into how IDispatch can be exploited to execute code across security boundaries.
