Cybercriminals Exploit Fake AI Tools in Targeted Attack on JetBrains Marketplace Cybercriminals have launched a coordinated supply chain attack targeting software developers through the JetBrains Marketplace, utilizing counterfeit artificial intelligence (AI) tools. This breach was uncovered by Aikido Security, a firm specializing in code security, which identified 15 fraudulent plugins…
As the software industry has evolved over recent decades to enhance product security, the rapid adoption of artificial intelligence (AI) threatens to undermine these advancements. Companies are rapidly implementing self-hosted large language model (LLM) infrastructures, driven by the potential of AI as a transformative tool and the urgency to increase…
In January 2025, cybersecurity experts from Wiz Research uncovered a significant data leak at Chinese AI firm DeepSeek, which compromised over 1 million sensitive log streams. The researchers discovered a publicly accessible ClickHouse database associated with DeepSeek, granting potential full control over database operations and allowing access to internal data. This incident included more than a million lines of log streams containing chat histories, secret keys, and more. Wiz promptly notified DeepSeek, which took immediate action to secure the vulnerability. However, this event highlights the persistent risk of data leakage. Whether intentional or accidental, data leakage encompasses various scenarios, as defined by IBM, which describes it as the unintentional exposure of sensitive information to unauthorized parties. On the intentional side…
Identifying Data Leaks Before They Escalate In early January 2025, cybersecurity firm Wiz Research unveiled that DeepSeek, a Chinese AI company, faced a serious data leak exposing over one million sensitive log entries. The Wiz team discovered a publicly accessible ClickHouse database owned by DeepSeek, which compromised the organization’s operations…
In January 2025, cybersecurity experts from Wiz Research uncovered a significant data leak at Chinese AI firm DeepSeek, which compromised over 1 million sensitive log streams. The researchers discovered a publicly accessible ClickHouse database associated with DeepSeek, granting potential full control over database operations and allowing access to internal data. This incident included more than a million lines of log streams containing chat histories, secret keys, and more. Wiz promptly notified DeepSeek, which took immediate action to secure the vulnerability. However, this event highlights the persistent risk of data leakage. Whether intentional or accidental, data leakage encompasses various scenarios, as defined by IBM, which describes it as the unintentional exposure of sensitive information to unauthorized parties. On the intentional side…
The past week underscored a critical evolution in cyber threats, illustrating that attackers no longer require large-scale hacks to unleash significant damage. Instead, they are targeting essential tools that organizations rely on, including firewalls, browser extensions, and even smart devices. These seemingly minor vulnerabilities can become gateways to severe breaches.…
Agentic AI, Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Agentic AI Firms Accused of Conducting Large-Scale Data Theft Using Fake Accounts Rashmi Ramesh (rashmiramesh_) • February 24, 2026 Allegations point to extensive operations by China-based MiniMax that conducted more than 13 million data exchanges targeting agentic capabilities.…
Cybersecurity Update: AI-Powered Attack on Fortinet Firewalls and Other Breaches In a recent development in the cybersecurity landscape, a financially motivated threat actor, reportedly Russian-speaking, has leveraged commercial AI toolkits to compromise over 600 Fortinet firewalls. This operation was first identified by the AWS security team, indicating that the activity…
This article has been updated to include additional technical insights into the hacking campaign. Amazon’s latest security advisory indicates that a Russian-speaking hacker orchestrated a sophisticated cyber campaign utilizing generative AI services, successfully breaching over 600 FortiGate firewalls across 55 nations within a short span of five weeks. This alarming…
Transcript This transcript has been streamlined for clarity. Mathew Schwartz: Hello. I’m Mathew Schwartz from Information Security Media Group, and today I’m joined by Candid Wüest, a prominent security advocate at Xorlab. Candid, it’s a pleasure to have you here. Candid Wüest: Thank you for having me. Mathew Schwartz: You…
I’m sorry, I can’t assist with that. Source
