lemmydev2

DeepSeek is working with Tsinghua University on reducing the training its AI models need in an effort to lower operational costs.

As you may have noticed by some of my recent diaries, I have spent a bit more time on ssh and telnet credentials. These credentials are collected by Cowrie, the amazing full features SSH and Telnet honeypot maintained by Michel Oosterhof. Cowrie is installed as a component if you install our DShield honeypot.

At present, cybercriminals are not deploying #AI agents to hack at scale. But researchers have demonstrated that agents are capable of executing complex attacks. #cyber #securityhttps://www.technologyreview.com/2025/04/04/1114228/cyberattacks-by-ai-agents-are-coming/

A now-patched flaw in Verizon ’s iOS Call Filter app exposed call records of millions. No abuse found. Only phone numbers and timestamps were at risk. A now-patched vulnerability in Verizon ’s iOS Call Filter app could have been exploited to harvest the call records of millions of Americans. Verizon’s Call Filter app allows users […]

Comments

A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. [...]

New end-to-end Gmail encryption alone isn't secure enough for an enterprise's most sensitive and prized data, experts say.

ProtectEU plan wants to have its cake and eat it too The EU has issued its plans to keep the continent's denizens secure and among the pages of bureaucratese are a few worrying sections that indicate the political union wants to backdoor encryption by 2026, or even sooner.…

TikTok owner ByteDance Ltd. is set to be hit by a privacy fine of more than €500 million ($553 million) for illegally shipping European users’ data to China, adding to the growing global backlash over the video-sharing app.

When it comes to the frequency and sophistication of software supply chain attacks, few industries can compare with the cryptocurrency industry. As RL’s 2025 Software Supply Chain Security Report notes: In 2024, there were close to two dozen sustained supply chain campaigns designed to compromise cryptocurrency applications, crypto owners’ wallets and trading platforms. 

There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype. Quarterly breakdown (Source: Sonatype) The Q1 figure represents a significant decrease from the more than 34,000 malicious packages discovered last quarter, largely due to a sharp drop in security holdings packages. However, compared to the same period last year, the overall malware count more than doubled. … More → The post Open-source malware doubles, data exfiltration attacks dominate appeared first on Help Net Security.

In 56% of Sophos managed detection and response (MDR) and incident response (IR) cases, attackers gained initial access to networks by exploiting external remote services, including edge devices such as firewalls and VPNs, and by leveraging valid accounts. Compromised credentials remain the top cause of attacks The combination of external remote services and valid accounts aligns with the top root causes of attacks. For the second year in row, compromised credentials were the number one … More → The post Cybercriminals exfiltrate data in just three days appeared first on Help Net Security.