Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Technology

LLMjacking targets DeepSeek

Since the Sysdig Threat Research Team (TRT) discovered LLMjacking in May 2024, we have continued to observe new insights into and applications for these attacks. Large language models (LLMs) are rapidly evolving and we are all still learning how best to use them, but in the same vein, attackers continue to evolve and grow their use cases for misuse.

Using Exposed Ollama APIs to Find DeepSeek Models

The explosion of AI has led to the creation of tools that make it more accessible, leading to more adoption and more numerous, less sophisticated users. As with cloud computing, that pattern of growth leads to misconfigurations and, ultimately, leaks. One vector for AI leakage is exposed Ollama APIs that allow access to running AI models. Those exposed APIs create potential information security problems for the models’ owners.

AI Security is API Security: What CISOs and CIOs Need to Know

Just when CIOs and CISOs thought they were getting a grip on API security, AI came along and shook things up. In the past few years, a huge number of organizations have adopted AI, realizing innumerable productivity, operational, and efficiency benefits. However, they’re also having to deal with unprecedented API security challenges. Wallarm’s Annual 2025 API ThreatStats Report reveals a staggering 1,025% year-on-year increase in AI-related API vulnerabilities.

Don't Fall Victim: DeepSeek-Themed Scams Are on the Rise

Scammers are taking advantage of the newfound popularity of the China-based AI app DeepSeek, according to researchers at ESET. DeepSeek released its generative AI tool last month, and it’s since overtaken ChatGPT as the top free app in Apple’s App Store. Users are now spotting lookalike domains designed to deliver malware or steal information. Other scams offer users the opportunity to buy phony stocks in DeepSeek.

WatchGuard Joins AWS ISV Accelerate Program and Announces Availability in AWS Marketplace

WatchGuard Technologies, a global leader in unified cybersecurity, today announced that it has joined theAmazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. The program helps AWS Partners drive new business by directly connecting participating ISVs with the AWS Sales organisation.

Consolidate Security Findings with Snyk and Google Security Command Center

Together, Snyk and Google Cloud enable modern security practices that unify cloud and application security efforts. This collaboration simplifies risk management for CISOs, providing a cohesive strategy to protect cloud-native environments and the applications running within them. Security leaders often struggle with fragmented tools that create silos between cloud security and application security teams.

How API Security Changed in 2024: Key Insights #TechTrends #APISecurity #CyberSecurity2024

Wallarm’s 2024 API Security Reports reveal that new APIs are discovered in just 29 seconds. Attackers use batching techniques like GraphQL to extract millions of records in minutes. Learn how to protect your APIs from rapid data theft and evolving threats.

The Dark Side of AI: How Cybercriminals Exploit Generative AI for Attacks

Artificial Intelligence (AI) has been a game-changer in industries that have further churned into process efficiency and revolutionized cybersecurity. On the flip side, its potential has been weaponized by threat actors. Google's Threat Intelligence Group (GTIG) recently came out with reports which showed that state-sponsored hackers are actively exploiting Google's AI-powered Gemini assistant to strengthen their cyberattacks.

Warning: Organizations Need to Prep For AI-Powered Ransomware Attacks

The rise of agentic AI tools will transform the cybercrime landscape, according to a new report from Malwarebytes. Agentic AI—which is still under development—is a step above the generative AI tools that are currently available to the public, and will likely be widely released in 2025. While these tools will have many legitimate uses, they’ll also enable cybercriminals to scale their attacks.