Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform - Related to concerns, connector, log, over, bans

DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.

The exposure also includes more than a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information, such as API Secrets and operational metadata. DeepSeek has since plugged the security hole following attempts by the cloud security firm to contact them.

The database, hosted at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000, is stated to have enabled unauthorized access to a wide range of information. The exposure, Wiz noted, allowed for complete database control and potential privilege escalation within the DeepSeek environment without requiring any authentication.

"The rapid adoption of AI services without corresponding security is inherently risky," Nagli presented in a statement shared with The Hacker News. "While much of the attention around AI security is focused on futuristic threats, the real dangers often come from basic risks—like the accidental external exposure of databases."

"Protecting customer data must remain the top priority for security teams, and it is crucial that security teams work closely with AI engineers to safeguard data and prevent exposure."

DeepSeek has become the topic du jour in AI circles for its groundbreaking open-source models that claim to rival leading AI systems like OpenAI, while also being efficient and cost-effective. Its reasoning model R1 has been hailed as "AI's Sputnik moment."

The upstart's AI chatbot has raced to the top of the app store charts across Android and iOS in several markets, even as it has emerged as the target of "large-scale malicious attacks," prompting it to temporarily pause registrations.

In an enhancement , 2025, the organization expressed it has identified the issue and that it's working towards implementing a fix.

At the same time, the organization has also been at the receiving end of scrutiny about its privacy policies, not to mention its Chinese ties becoming a matter of national security concern for the United States.

Furthermore, DeepSeek's apps became unavailable in Italy shortly after the country's data protection regulator, the Garante, requested information about its data handling practices and where it obtained its training data. It's not known if the withdrawal of the apps was in response to questions from the watchdog. A similar request has been sent by the Irish Data Protection Commission (DPC) as well.

Bloomberg, Financial Times, and The Wall Street Journal have also reported that both OpenAI and Microsoft are probing whether DeepSeek used OpenAI's application programming interface (API) without permission to train its own models on the output of OpenAI's systems, an approach referred to as distillation.

"We know that groups in [China] are actively working to use methods, including what's known as distillation, to try to replicate advanced US AI models," an OpenAI spokesperson told The Guardian.

Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them t......

The [website] Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of h......

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring dev......

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of consumers' personal data.

The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data.

In particular, it wanted to know what personal data is collected by its web platform and mobile app, from which findings, for what purposes, on what legal basis, and whether it is stored in China.

In a statement issued January 30, 2025, the Garante introduced it arrived at the decision after DeepSeek provided information that it introduced was "completely insufficient."

The entities behind the service, Hangzhou DeepSeek Artificial Intelligence and Beijing DeepSeek Artificial Intelligence, have "declared that they do not operate in Italy and that European legislation does not apply to them," it added.

As a result, the watchdog unveiled it's blocking access to DeepSeek with immediate effect, and that it's simultaneously opening a probe.

In 2023, the data protection authority also issued a temporary ban on OpenAI's ChatGPT, a restriction that was lifted in late April after the artificial intelligence (AI) firm stepped in to address the data privacy concerns raised. Subsequently, OpenAI was fined €15 million over how it handled personal data.

News of DeepSeek's ban comes as the enterprise has been riding the wave of popularity this week, with millions of people flocking to the service and sending its mobile apps to the top of the download charts.

Adding to the challenges, DeepSeek's large language models (LLM) have been found to be susceptible to jailbreak techniques like Crescendo, Bad Likert Judge, Deceptive Delight, Do Anything Now (DAN), and EvilBOT, thereby allowing bad actors to generate malicious or prohibited content.

"They elicited a range of harmful outputs, from detailed instructions for creating dangerous items like Molotov cocktails to generating malicious code for attacks like SQL injection and lateral movement," Palo Alto Networks Unit 42 expressed in a Thursday analysis.

"While DeepSeek's initial responses often appeared benign, in many cases, carefully crafted follow-up prompts often exposed the weakness of these initial safeguards. The LLM readily provided highly detailed malicious instructions, demonstrating the potential for these seemingly innocuous models to be weaponized for malicious purposes."

Further evaluation of DeepSeek's reasoning model, DeepSeek-R1, by AI security business HiddenLayer, has uncovered that it's not only vulnerable to prompt injections but also that its Chain-of-Thought (CoT) reasoning can lead to inadvertent information leakage.

In an interesting twist, the firm noted the model also "surfaced multiple instances suggesting that OpenAI data was incorporated, raising ethical and legal concerns about data sourcing and model originality."

The disclosure also follows the discovery of a jailbreak vulnerability in OpenAI ChatGPT-4o dubbed Time Bandit that makes it possible for an attacker to get around the safety guardrails of the LLM by prompting the chatbot with questions in a manner that makes it lose its temporal awareness. OpenAI has since mitigated the problem.

"An attacker can exploit the vulnerability by beginning a session with ChatGPT and prompting it directly about a specific historical event, historical time period, or by instructing it to pretend it is assisting the user in a specific historical event," the CERT Coordination Center (CERT/CC) stated.

"Once this has been established, the user can pivot the received responses to various illicit topics through subsequent prompts."

Similar jailbreak flaws have also been identified in Alibaba's Qwen [website] model and GitHub's Copilot coding assistant, the latter of which grant threat actors the ability to sidestep security restrictions and produce harmful code simply by including words like "sure" in the prompt.

"Starting queries with affirmative words like 'Sure' or other forms of confirmation acts as a trigger, shifting Copilot into a more compliant and risk-prone mode," Apex researcher Oren Saban expressed. "This small tweak is all it takes to unlock responses that range from unethical suggestions to outright dangerous advice."

Apex introduced it also found another vulnerability in Copilot's proxy configuration that it introduced could be exploited to fully circumvent access limitations without paying for usage and even tamper with the Copilot system prompt, which serves as the foundational instructions that dictate the model's behavior.

The attack, however, hinges on capturing an authentication token associated with an active Copilot license, prompting GitHub to classify it as an abuse issue following responsible disclosure.

"The proxy bypass and the positive affirmation jailbreak in GitHub Copilot are a perfect example of how even the most powerful AI tools can be abused without adequate safeguards," Saban added.

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the enterprise's Remote Support SaaS in......

An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, N......

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring dev......

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks.

This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf of the impersonated user, enabling unauthorized access to sensitive data, Zenity Labs stated in a findings shared with The Hacker News ahead of publication.

"This vulnerability can be exploited across Power Automate, Power Apps, Copilot Studio, and Copilot 365, which significantly broadens the scope of potential damage," senior security researcher Dmitry Lozovoy mentioned.

"It increases the likelihood of a successful attack, allowing hackers to target multiple interconnected services within the Power Platform ecosystem."

Following responsible disclosure in September 2024, Microsoft addressed the security hole, assessed with an "crucial" severity assessment, as of December 13.

Microsoft Power Platform is a collection of low-code development tools that allow people to facilitate analytics, process automation, and data-driven productivity applications.

The vulnerability, at its core, is an instance of server-side request forgery (SSRF) stemming from the use of the "custom value" functionality within the SharePoint connector that permits an attacker to insert their own URLs as part of a flow.

However, in order for the attack to be successful, the rogue user will need to have an Environment Maker role and the Basic User role in Power Platform. This also means that they would need to first gain access to a target organization through other means and acquire these roles.

"With the Environment Maker role, they can create and share malicious resources like apps and flows," Zenity told The Hacker News. "The Basic User role allows them to run apps and interact with resources they own in Power Platform. If the attacker doesn't already have these roles, they would need to gain them first."

In a hypothetical attack scenario, a threat actor could create a flow for a SharePoint action and share it with a low-privileged user (read victim), resulting in a leak of their SharePoint JWT access token.

Armed with this captured token, the attacker could send requests outside of the Power Platform on behalf of the user to whom access was granted to.

That's not all. The vulnerability could be extended further to other services like Power Apps and Copilot Studio by creating a seemingly benign Canvas app or a Copilot agent to harvest a user's token, and escalate access further.

"You can take this even further by embedding the Canvas app into a Teams channel, for example," Zenity noted. "Once consumers interact with the app in Teams, you can harvest their tokens just as easily, expanding your reach across the organization and making the attack even more widespread."

"The main takeaway is that the interconnected nature of Power Platform services can result in serious security risks, especially given the widespread use of the SharePoint connector, which is where a lot of sensitive corporate data is housed, and it can be complicated to ensure proper access rights are maintained throughout various environments."

The development comes as Binary Security detailed three SSRF vulnerabilities in Azure DevOps that could have been abused to communicate with the metadata API endpoints, thereby permitting an attacker to glean information about the machine's configuration.

As the gateways to corporate networks, VPNs are an attractive target for attackers seeking access to...

​Food delivery corporation GrubHub disclosed a data breach impacting the personal information of an undi...

Cybersecurity researchers have called attention to a software supply chain attack targeting the Go e...