JavaScript

Yahoo Finance: U.S. Lawmakers Push to Ban China's DeepSeek AI Over Security Risks - Feroot Security Analysis

Washington, D.C. – U.S. lawmakers announced a bill to ban DeepSeek, the Chinese AI chatbot app, from government devices following a security analysis by Feroot Security that revealed alarming privacy and national security risks. The research suggests that DeepSeek collects user data, including digital fingerprints, login credentials, and behavioral information, potentially sending it to servers tied to the Chinese government.

PCI DSS 4.0.1 Compliance for Payment Providers (SAQ D) - How to Ensure Compliance Across Thousands of Payment Pages

Compliance for payment providers under SAQ D presents unique challenges due to their distributed business model. With payment pages, iframes, and forms embedded across thousands of merchant websites, ensuring consistent security and maintaining PCI DSS 4.0.1 compliance requires sophisticated solutions and strategies.

Feroot Security Research Reveals DeepSeek AI's Hidden Data Pipeline to China

ABC Good Morning America featured an exclusive report this morning highlighting Feroot’s discovery of concerning code within DeepSeek’s AI platform. Feroot, a leading cybersecurity firm, uncovered hidden capabilities enabling direct data transmission from DeepSeek to China Mobile servers.

AP News - Feroot Research Uncovers DeepSeek's Connection to Chinese State-Owned Telecom

Researchers at Feroot Security have identified computer code within the web-based version of DeepSeek’s AI chatbot that could potentially send user login information to China Mobile, a Chinese state-owned telecommunications company. This discovery raises significant privacy and national security concerns, particularly as China Mobile has been barred from operating in the United States due to its alleged ties with the Chinese government and military.

Top 3 Mistakes PCI DSS SAQ-D Service Providers Are Making in 2025 That Will Knock Them Out of PCI DSS 4 Compliance

PCI DSS Compliance for SAQ-D Service Providers and Merchants is more critical than ever. Despite widespread awareness of the updated requirements, it appears that over 90% of service providers remain unaware that they must implement new technical measures for the iFrames (with payment functions loaded) on their customers’ payment pages to meet Requirements 6.4.3 and 11.6.1.

PCI 4 for SAQ-A & SAQ-A-EP: Everything Merchants Need to Know to Master PCI DSS 4 Compliance

PCI DSS 4 introduces new requirements for SAQ-A and SAQ-A-EP Merchants. The key changes are Requirements 6.4.3 and 11.6.1. While these requirements play a crucial role in preventing and detecting e-commerce skimming attacks, they also require merchants to implement and operate new technical capabilities on payment webpages. Requirements 6.4.3 and 11.6.1 apply to all scripts executed in a consumer’s browser on payment pages, defined as web-based interfaces that capture or submit account data.

SAQ A-EP: Top 5 Actions Merchants Must Take to Comply with PCI DSS 4 Requirements 6.4.3 and 11.6.1 by March 31, 2025

SAQ A-EP is a key focus of the Payment Card Industry Data Security Standard (PCI DSS) version 4, which introduces changes affecting merchants. Designed for e-commerce merchants who partially outsource their payment processing but have website elements impacting transaction security, SAQ A-EP ensures compliance with these updated requirements. This article clarifies these changes and outlines the top 5 actions SAQ A-EP merchants should take before March 31, 2025.

Top 5 Mistakes SAQ A-EP Merchants Are Making in 2025 That Will Knock Them Out of PCI 4.0 Compliance

If you thought PCI DSS 4.0.1 was just a minor tweak to the old requirements, think again. 2025 is here, and it’s clear that many SAQ A-EP merchants are still missing critical steps needed to stay compliant. In fact, we noticed that over 90% of SAQ A-EP merchants aren’t aware that they need to implement new technical measures to address Requirements 6.4.3 and 11.6.1.

PCI DSS 4.0.1: A Comprehensive Guide to Successfully Meeting Requirements 6.4.3 and 11.6.1

PCI DSS 4 Compliance requires a clear understanding of the latest requirements, particularly Requirements 6.4.3 and 11.6.1, which emphasize the importance of JavaScript monitoring for maintaining secure payment environments. For AppSec, Infosec, or ISA/QSA professionals, staying on top of PCI DSS 4.0.1 can feel overwhelming, but protecting payment card data leaves no room for errors.