Risks Rundowns

Cybercriminals are ramping up email spoofing attacks , faking sender addresses to bypass security filters and trick victims into engaging with malicious content . While protocols like DKIM, DMARC, and SPF were designed to prevent spoofing, attackers are now exploiting neglected domains to slip past modern defenses. Old Tricks, New Domains   Hackers are leveraging abandoned or misconfigured domains to send fraudulent emails. These domains, unused for years, lack proper DNS records, allowing them to bypass email security systems undetected . Tactics in Play   Cybercriminals are using a mix of techniques to deceive users: Phishing with QR Codes : Fake tax-related emails (mainly in Mandarin) contain QR codes linking to phishing sites designed to steal IDs and card details . Brand Spoofs : Attackers impersonate trusted companies like Amazon, Mastercard, and SMBC , tricking users into entering credentials on fraudulent login pages. Extortion Scams : Fake emails claim hackers reco...

DeepSeek , one of AI’s rising stars, just made a major security blunder—accidentally leaving a database wide open on the internet , exposing chat histories, secret keys, backend access, and more! This AI data leak raises serious concerns about security in the fast-growing AI industry. What Was Exposed?   Security researcher Gal Nagli (Wiz) discovered that DeepSeek’s ClickHouse database was completely accessible without any login , exposing: 1M+ log entries   Chat history & secret keys   Backend & API secrets   Full database control   This means hackers could have taken over DeepSeek’s systems with a simple web browser request!   Fixed… But Was It Too Late?   DeepSeek closed the security hole after Wiz reached out, but no one knows if cybercriminals got in first . The exposed database could have been a goldmine for espionage, AI manipulation, or unauthorized access to DeepSeek’s systems. AI’s Growing Pains  DeepSeek’s R1 reasoning mo...