Apple has released an out-of-band security update for a vulnerability which it says may have been exploited in an "extremely sophisticated attack against specific targeted individuals.”

Apple has released an emergency security update for a vulnerability which it says may have been exploited in an “extremely sophisticated attack against specific targeted individuals.”

The update is available for:

*   iOS 18.3.1 and iPadOS 18.3.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
*   iPadOS 17.7.5 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

If you use any of these then you should install updates as soon as you can. To check if you’re using the latest software version, go to **Settings** (or **System Settings**) > **General** \> **Software Update**. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.

Update now

**Technical details**

The new-found zero-day vulnerability is tracked as CVE-2025-24200. When exploited, the vulnerability would allow an attacker to disable USB Restricted Mode on a locked device. The attack would require physical access to your device

The introduction of USB Restricted Mode feature came with iOS 11.4.1 in July 2018. The feature was designed to make it more difficult for attackers to unlock your iPhone. When USB Restricted Mode is active, your device’s Lightning port (where you plug in the charging cable) will only allow charging after the device has been locked for more than an hour. This means that if someone tries to connect your locked iPhone to a computer or other device to access its data, they won’t be able to do so unless they have your passcode.

To enhance data security, especially when traveling or in public places, it is recommended that you enable USB Restricted Mode in your device settings. If your iPhone, iPad or iPod Touch is running iOS 11.4.1 or later, USB Restricted Mode is automatically on by default, but if you want to check and enable USB Restricted Mode, this can be done by going to **Settings** > **Face ID & Passcode** or **Touch ID & Passcode** > **(USB) Accessories** and toggling off (grey) the **(USB) Accessories** option. Enabling this setting adds an extra layer of protection against unauthorized data access.

Accessories are safe now

Please note: toggling the option to green turns this feature off.

Vulnerabilities like these typically target specific individuals as deployed by commercial spyware vendors like Pegasus and Paragon. This means the average user does not need to fear attacks as long as the details are not published. But once they are, other cybercriminals will try to copy them.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple fixes zero-day vulnerability used in &#8220;extremely sophisticated attack&#8221; 

The UK has demanded Apple provides it with a worldwide backdoor into iCloud backups. Privacy organizations are furious.

Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. Since then, privacy focused groups have uttered their objections.

The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. However, Apple itself doesn’t have access to it at the moment, only the holder of the Apple account can access data stored in this way.

Neither the Home Office nor Apple responded on the record to queries about the demand served by the Home Office under the Investigatory Powers Act (IPA) , but the BBC confirmed that it had heard the same information from reliable sources.

Privacy International said the demand is a “misguided attempt” that uses disproportionate government powers to access encrypted data, which may:

> “Set a damaging precedent and encourage abusive regimes around the world to take similar actions.”

The Electronic Frontier Foundation (EFF) stated:

> “Encryption is one of the best ways we have to reclaim our privacy and security in a digital world filled with cyberattacks and security breaches, and there’s no way to weaken it in order to only provide access to the good guys.”

The main goal for the Home Office is an optional feature that turns on end-to-end encryption for backups and other data stored in iCloud. This feature is called Advanced Data Protection. Enabling Advanced Data Protection (ADP), protects the majority of your iCloud data — including iCloud Backup, Photos, Notes, and more — using end-to-end encryption.

For some time, these backups presented law enforcement agencies with a loophole to obtain access to data otherwise not available to them on iPhones with device encryption enabled. If the user hasn’t enabled ADP, this loophole still exists.

The EFF recommends users should turn off the option to create iCloud backups should the UK get its way. As the EFF has said before, and we agree, there is no backdoor that only works for the “good guys” and only targets “bad guys.” It’s all or nothing, and the bad guys will have enough money to find alternatives, while regular users may run out of free options if governments keep doing this.

**What can I do?**

How you wish to proceed after this news is obviously up to you, but we have some options you may be interested in. If you think Apple will stand up against the UK’s Home Office you can enable iCloud backup and Advanced Data Protection.

But if you want to find another place for your backups, these instructions may come in handy.

****How to turn off iCloud backups********On iPhone or iPad****

*   Tap **Settings** > {username} > **iCloud On your iPhone or iPad**.
*   This will list the devices with iCloud Backup turned on.
*   To delete a backup, tap the name of a device, then tap **Turn Off and Delete from iCloud** (or **Delete & Turn Off Backup**).

iCloud backup disabled

****On Mac****

*   Click **Manage** > **Backups**.
*   A list of devices that have iCloud Backup turned on is shown.
*   To delete a backup, select a device, then click **Delete** or the **Remove** button.

Note: If you turn off iCloud Backup for a device, any backups stored in iCloud are kept for 180 days before being deleted.

**How to turn on Advanced Data Protection**

If you haven’t enabled ADP and you want it, first update the iPhone, iPad, or Mac that you’re using to the latest software version.

Turning on ADP on one device enables it for your entire account and all your compatible devices.

****On iPhone or iPad****

1.  Open the **Settings** app.
2.  Tap your name, then tap **iCloud**.
3.  Scroll down, tap **Advanced Data Protection**, then tap **Turn on Advanced Data Protection**.
4.  Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.

****On Mac****

1.  Choose **Apple menu** > **System Settings**.
2.  Click your name, then click **iCloud**.
3.  Click **Advanced Data Protection**, then click **Turn On**.
4.  Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.

Note: If you’re not able to turn on Advanced Data Protection for a certain period of time, the onscreen instructions may provide more details.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple ordered to grant access to users&#8217; encrypted data 

Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild.
Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack.
This

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update

PRESS RELEASE

WASHINGTON – Eric Council, 25, of Athens, Alabama, entered a guilty plea today to one count of conspiracy to commit aggravated identity theft in United States District Court for the District of Columbia. Council was arrested on October 17, 2024, in connection with his role in a conspiracy to hack into the X account of the U.S. Securities and Exchange Commission (SEC) and publish fraudulent posts in the name of the then-SEC Chairman. 

The plea was announced by U.S. Attorney Edward R. Martin, Jr., Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division, SEC Inspector General Deborah Jeffrey and FBI Special Agent in Charge Sean Ryan of the Washington Field Office, Criminal and Cyber Division.

Council’s plea was entered before U.S. District Court Judge Amy Berman Jackson in the District of Columbia. He faces a maximum sentence of five years in prison, a $250,000 fine, and up to three years of supervised release. His sentencing is scheduled for May 16, 2025.

According to court documents, from at least January 2024, Council conspired with others to carry out Subscriber Identity Model (SIM) attacks, commonly referred to as “SIM swaps,” in exchange for money. 

A SIM card is a chip that stores information identifying and authenticating a cell phone subscriber and connects a physical cell phone to a mobile carrier’s cellular and data network. A SIM swap attack is a form of sophisticated fraud where criminal actors fraudulently induce a mobile carrier to reassign a mobile phone number from a victim’s SIM card to a SIM card and telephone controlled by a criminal actor attempting to access valuable information associated with the victim’s telephone. Members of SIM swapping groups conduct SIM swaps for the purpose of defeating multifactor authentication and/or two-step verification security features for internet connected accounts, such as social media and virtual currency accounts. 

After convincing a mobile carrier to reassign a phone number to a new SIM card in the criminal actor’s control, members of the conspiracy generate password reset security authentication codes for online accounts and those codes are in turn sent to the telephone in the control of the criminal actor. Members of SIM swap groups share the security reset codes with one another to unlawfully access a victim’s internet connected accounts and complete the fraud. 

On or about January 9, 2024, Council, and others, executed a SIM swap of the mobile phone account associated with the @SECgov X account, the official account of the SEC. The purpose of this SIM swap was to gain unauthorized access to this government account in order to make fraudulent posts. 

Before January 9, a member of the conspiracy had identified the authorized user for the phone number linked to the official @SECgov X account. Council received instruction from a co-conspirator to perform the SIM swap on this phone line, along with information to make the needed fake ID, that is, an image of an ID card template with the authorized user’s name on it but Council’s face, and information purporting to be the user’s date of birth and social security number. 

Council used his portable ID card printer to create a physical ID which he used to impersonate the victim at an AT&T store in Huntsville, Alabama. Council provided false information to the AT&T store employee to explain why he needed a replacement SIM card. Council obtained the SIM card linked to the victim’s phone line and walked to a nearby Apple store where he purchased a new iPhone to use in the crime.  He inserted the SIM card to activate the phone, received the @SECGov X password reset codes on this new phone linked to the victim’s SIM card and used his personal cell phone to take a photo of the @SECgov X account reset code to share with his co-conspirators. After passing along the password reset codes, Council drove to Birmingham, Alabama and immediately returned the iPhone for cash.   

A member of the conspiracy used the reset code to gain access to the @SECGov X account and issue a fraudulent post in the name of the then-SEC Chairman, falsely announcing SEC approval of Bitcoin (BTC) Exchange Traded Funds (ETFs). The price of BTC increased by more than $1,000 following the post. Shortly after this unauthorized post, the SEC regained control over their X account and confirmed that the announcement was unauthorized and the result of a security breach, which caused the value of BTC decreased by more than $2,000.

Council also admitted to attempting to perform additional SIM swaps in June 2024 in Alabama. In June 2024, the FBI executed a search warrant at an Athens, Alabama, apartment where he resided. Agents recovered a fake identification card and a portable ID card printer. They also recovered a laptop computer.  

Pursuant to the search warrant, agents searched the laptop and discovered templates for additional fake identification cards stored on the laptop along with internet searches for

“SECGOV hack,” “telegram sim swap,” “how can I know for sure if I am being investigated by the FBI,” “What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them,” “what are some signs that the FBI is after you,” “Verizon store list,” “federal identity theft statute,” and “how long does it take to delete telegram account.” 

Council admitted to receiving approximately $50,000 from members of the conspiracy to perform SIM swap during the previous six months.   

This case is being investigated by the FBI Washington Field Office Criminal and Cyber Division, the SEC-Office of Inspector General, the U.S. Attorney’s Office for the District of Columbia, and the Computer Crime and Intellectual Property Section (CCIPS) and Fraud Section’s Market Integrity and Major Frauds Unit of the Justice Department’s Criminal Division. Significant assistance was provided by the FBI’s Birmingham Field Office.

The prosecution is being handled by Assistant United States Attorney Kevin Rosenberg, CCIPS Trial Attorney Ashley Pungello, and Fraud Section Trial Attorney Lauren Archer. Valuable assistance was provided by Assistant United States Attorney John Hundscheid from the Northern District of Alabama.

For more information on SIM swapping, go to: https://www.ic3.gov/PSA/2024/PSA240411

Guilty Plea in Hacking of the SEC's X Account That Caused Bitcoin Value Spike

Plus: Benjamin Netanyahu gives Donald Trump a golden pager, Hewlett Packard Enterprise blames Russian government hackers for a breach, and more.

As Elon Musk and his so-called Department of Government Efficiency rampage through United States federal institutions, WIRED reported extensively this week on DOGE’s members, activity, and digital access to some of the US government's most delicate and critical software systems. One DOGE technologist, 19-year-old high school graduate Edward Coristine, established at least five different companies in the past four years—including Tesla.Sexy LLC—and briefly worked at a network monitoring company that has hired convicted hackers. Experts question whether Coristine, who has gone by the name “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.

Meanwhile, DOGE’s apparent dismantling of USAID coupled with the US State Department's funding freeze have dramatically disrupted efforts to help people escape forced labor camps in Southeast Asia run by criminal scammers.

Outside of US government news, WIRED conducted an investigation into more than 300 cyberattacks in the past five years against US K–12 schools and found that victim schools sometimes withhold critical information about the scale and scope of the breaches from impacted students and parents. In slightly better news, data from the cryptocurrency tracing firm Chainalysis shows that ransomware payments fell precipitously in the second half of 2024. Experts fear, though, that the brief reprieve could be short-lived and may not be easy for defenders to sustain.

And there's more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**UK Home Secretary Orders Apple Enable Access to Encrypted iCloud Backups**

The Washington Post reported on Friday that Apple has received a secret order from the UK office of the Home Secretary mandating the company to provide a way to access any user data protected by the company’s Advanced Data Protection for iCloud. The feature, which debuted at the end of 2022, is designed with end-to-end encryption so only users themselves, not Apple, have access to their data. As a result, complying with the UK demand would require Apple to break the feature by building a backdoor into it. Sources told the Post that rather than install a backdoor, Apple is likely to withdraw support for Advanced Data Protection for iCloud in the UK. “Yet that concession would not fulfill the UK demand for backdoor access to the service in other countries, including the United States,” the Post noted.

The order was issued under the UK’s broad 2016 Investigatory Powers Act. UK law enforcement agencies, not to mention cops in the US and other countries, have championed encryption backdoors for years, and lawmakers have tried at various times to mandate backdoors. The Home Office told the Post in a statement, “We do not comment on operational matters, including for example confirming or denying the existence of any such notices.” An Apple spokesperson declined to comment to the Post.

**Israel’s Netanyahu Gave Trump a Golden Pager During Washington Meeting**

Israeli prime minister Benjamin Netanyahu gave President Donald Trump a golden pager when the two met in Washington on Tuesday. The gift references a September attack in Lebanon against the militant group Hezbollah in which booby-trapped pagers (and walkie-talkies) detonated in coordinated explosions around the country. The operation killed at least 42 people, including some civilians, and injured at least 4,000 civilians, according to Lebanese officials. The attack has been widely attributed to Israel, but the country has neither confirmed nor denied its involvement. At the meeting Trump apparently gave Netanyahu a signed photograph of the two of them, which he signed, “To Bibi, a great leader!”

**Hewlett Packard Enterprise Says Russian Government Hackers Stole Some Users’ Sensitive Data**

Hewlett Packard Enterprise has been notifying dozens of users that their personal information was stolen during a 2023 breach. The company is attributing the attack to Russian state-backed hackers. The stolen data included Social Security numbers, driver’s license information, and credit card numbers. The incident began as a system intrusion in May 2023 into HPE’s email mailboxes and Microsoft SharePoint systems. HPE publicly disclosed the incident in January 2024.

**PowerSchool Data Breach Impacted Students Outside the US, Including 16,000 in the UK**

The edtech giant PowerSchool says that at least 16,000 students in the United Kingdom had their data stolen as part of a massive December data breach that may have affected 62 million students and 9.5 million teachers, most of them in the US and Canada. Attackers used compromised credentials to infiltrate the company’s customer support portal and then access user data.

PowerSchool spokesperson Beth Keebler confirmed to TechCrunch in a statement that students at four UK schools were affected totaling “approximately 16,000 students.” It is not clear if this is the total number of UK victims. The compromised data includes students’ dates of birth, contact information, some medical data, and “other related information.”

UK Secret Order Demands That Apple Give Access to Users’ Encrypted Data

The secret use of other people's generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.

Source: Sergio Delle Vedove via Alamy Stock Photo

Sophisticated "LLMjacking" operations have obtained stolen access to DeepSeek models, just weeks after their public release.

LLMjacking, like proxyjacking and cryptojacking, involves the illicit use of someone else's computing resources for one's own purposes. In this case, it's individuals using popular and otherwise expensive large language models (LLMs) from OpenAI, Anthropic, etc., to generate images, circumvent national bans, and more, while passing the bill along to someone else.

Most recently, researchers from Sysdig observed hyperactive LLMjacking operations integrating access to models developed by DeepSeek. After the company released its DeepSeek-V3 model on Dec. 26, it only took LLMjackers a few days to obtain stolen access. Similarly, DeepSeek-R1 was released on Jan. 20, and attackers had it in their hands the very next day.

"This isn't just a fad anymore," Sysdig cybersecurity strategist Crystal Morin says of LLMjacking. "This is far beyond where it was when we first discovered it last May."

**How LLMjacking Works**

At scale, LLM usage can grow rather expensive. For instance, according to Sysdig's back-of-the-envelope calculations, 24/7 usage of GPT-4 could cost an account holder north of half a million dollars (though DeepSeek, at present, is orders of magnitude less expensive).

Related:Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini

In order to enjoy these models without having to incur their costs, attackers steal credentials for cloud services accounts, or application programming interface (API) keys associated with specific LLM apps. Then, they use scripts to verify that these do in fact provide access to a desired model.

Next, they incorporate that stolen authentication information into an "OAI" reverse proxy (ORP). ORPs bridge the user and the LLM, providing a layer of operational security.

The apparent forefather of ORPs, from which the name derives, was published on April 11, 2023. It has since been forked and configured on numerous occasions to incorporate new stealth features. Newer versions have incorporated password protections and obfuscation mechanisms — like making its website illegible until users disable CSS in their browsers — and eliminated prompt logging, covering up attackers' footsteps as they use the models. Proxies are further protected by Cloudflare tunnels, which generate random and temporary domains to shield the ORPs' actual virtual private server (VPS) or IP addresses.

New 4chan and Discord communities have flourished around ORPs, as people use illicit LLM access to generate NSFW content and imagery of other kinds, scripts of varying maliciousness, or just everyday stuff, like essays for school. And in countries like Russia, Iran, and China, regular people use ORPs to circumvent national bans on ChatGPT.

Related:'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks

**The Cost of LLMjacking to Account Holders**

Somebody, in the end, is going to pay for all computing resources used to generate NSFW images and school papers.

ORP developers don't want these bills to be too high, necessarily, or else their users' anomalous activity will more than likely raise alarms. To account for this, they build their programs on dozens, or even hundreds of different sets of credentials associated with different accounts. One ORP Sysdig recorded, for example, had incorporated 55 separate DeepSeek API keys, in addition to those associated with other artificial intelligence (AI) apps. By possessing many keys across many apps, ORPs can perform load balancing, spreading illicit usage as thinly as possible.

It doesn't always work out this way, though.

As Morin recalls, "I spoke a little bit with a Twitter user whose personal AWS account was compromised through LLMjacking. He woke up one morning and his $2 average monthly AWS bill — he \[mainly\] used it for email — spiked to $730 in two or three hours."

Related:AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Source: Crystal Morin via LinkedIn

Nobody knows exactly how the victim had his AWS credentials swiped, but he was already on his way to racking up a $20,000-plus bill. His lucky break was having cost alerts toggled on in AWS — they aren't on by default — allowing him to spot the anonymous activity early.

"He reached out to AWS customer support and asked them what was going on, and they had no idea. He did end up shutting off his account almost immediately, but there was a delay in the reporting of the cost. It ended up being, I think, between $10,000 to $20,000 total for about half a day's usage," Morin says.

AWS did end up bailing out the victim. Still, Morin warns, "You can imagine what a similar attack would do on an enterprise level, considering what could happen to just a single person."

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

LLM Hijackers Quickly Incorporate DeepSeek API Keys

A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.

Source: SOPA Images Limited via Alamy Stock Photo

A prompt engineer has challenged the ethical and safety protections in OpenAI's latest o3-mini model, just days after its release to the public.

OpenAI unveiled o3 and its lightweight counterpart, o3-mini, on Dec. 20. That same day, it also introduced a brand new security feature: "deliberative alignment." Deliberative alignment "achieves highly precise adherence to OpenAI's safety policies," the company said, overcoming the ways in which its models were previously vulnerable to jailbreaks.

Less than a week after its public debut, however, CyberArk principal vulnerability researcher Eran Shimony got o3-mini to teach him how to write an exploit of the Local Security Authority Subsystem Service (lsass.exe), a critical Windows security process.

**o3-mini's Improved Security**

In introducing deliberative alignment, OpenAI acknowledged the ways its previous large language models (LLMs) struggled with malicious prompts. "One cause of these failures is that models must respond instantly, without being given sufficient time to reason through complex and borderline safety scenarios. Another issue is that LLMs must infer desired behavior indirectly from large sets of labeled examples, rather than directly learning the underlying safety standards in natural language," the company wrote.

Deliberative alignment, it claimed, "overcomes both of these issues." To solve issue number one, o3 was trained to stop and think, and reason out its responses step by step using an existing method called chain of thought (CoT). To solve issue number two, it was taught the actual text of OpenAI's safety guidelines, not just examples of good and bad behaviors.

"When I saw this recently, I thought that \[a jailbreak\] is not going to work," Shimony recalls. "I'm active on Reddit, and there people were not able to jailbreak it. But it is possible. Eventually it did work."

**Manipulating the Newest ChatGPT**

Shimony has vetted the security of every popular LLM using his company's open source (OSS) fuzzing tool, "FuzzyAI." In the process, each one has revealed its own characteristic weaknesses.

"OpenAI's family of models is very susceptible to manipulation types of attacks," he explains, referring to regular old social engineering in natural language. "But Llama, made by Meta, is not, but it's susceptible to other methods. For instance, we've used a method in which only the harmful component of your prompt is coded in an ASCII art."

"That works quite well on Llama models, but it does not work on OpenAI's, and it does not work on Claude whatsoever. What works on Claude quite well at the moment is anything related to code. Claude is very good at coding, and it tries to be as helpful as possible, but it doesn't really classify if code can be used for nefarious purposes, so it's very easy to use it to generate any kind of malware that you want," he claims.

Shimony acknowledges that "o3 is a bit more robust in its guardrails, in comparison to GPT-4, because most of the classic attacks do not really work." Still, he was able to exploit its long-held weakness by posing as an honest historian in search of educational information.

In the exchange below, his aim is to get ChatGPT to generate malware. He phrases his prompt artfully, so as to conceal its true intention, then the deliberative alignment-powered ChatGPT reasons out its response:

Source: Eran Shimony via LinkedIn

During its CoT, however, ChatGPT appears to lose the plot, eventually producing detailed instructions for how to inject code into lsass.exe, a system process that manages passwords and access tokens in Windows.

Source: Eran Shimony via LinkedIn

In an email to Dark Reading, an OpenAI spokesperson acknowledged that Shimony may have performed a successful jailbreak. They highlighted, though, a few possible points against: that the exploit he obtained was pseudocode, that it was not new or novel, and that similar information could be found by searching the open Web.

**How o3 Might Be Improved**

Shimony foresees an easy way, and a hard way that OpenAI can help its models better identify jailbreaking attempts.

The more laborious solution involves training o3 on more of the types of malicious prompts it struggles with, and whipping it into shape with positive and negative reinforcement.

An easier step would be to implement more robust classifiers for identifying malicious user inputs. "The information I was trying to retrieve was clearly harmful, so even a naive type of classifier could have caught it," he thinks, citing Claude as an LLM that does better with classifiers. "This will solve roughly 95% of jailbreaking \[attempts\], and it doesn't take a lot of time to do."

Dark Reading has reached out to OpenAI for comment on this story.

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks.

New mobile apps from the Chinese artificial intelligence (AI) company **DeepSeek** have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks.

Public interest in the DeepSeek AI chat apps swelled following widespread media reports that the upstart Chinese AI firm had managed to match the abilities of cutting-edge chatbots while using a fraction of the specialized computer chips that leading AI companies rely on. As of this writing, DeepSeek is the third most-downloaded “free” app on the Apple store, and #1 on Google Play.

DeepSeek’s rapid rise caught the attention of the mobile security firm **NowSecure**, a Chicago-based company that helps clients screen mobile apps for security and privacy threats. In a teardown of the DeepSeek app published today, NowSecure urged organizations to remove the DeepSeek iOS mobile app from their environments, citing security concerns.

NowSecure founder **Andrew Hoog** said they haven’t yet concluded an in-depth analysis of the DeepSeek app for **Android** devices, but that there is little reason to believe its basic design would be functionally much different.

Hoog told KrebsOnSecurity there were a number of qualities about the DeepSeek iOS app that suggest the presence of deep-seated security and privacy risks. For starters, he said, the app collects an awful lot of data about the user’s device.

“They are doing some very interesting things that are on the edge of advanced device fingerprinting,” Hoog said, noting that one property of the app tracks the device’s name — which for many iOS devices defaults to the customer’s name followed by the type of iOS device.

The device information shared, combined with the user’s Internet address and data gathered from mobile advertising companies, could be used to deanonymize users of the DeepSeek iOS app, NowSecure warned. The report notes that DeepSeek communicates with **Volcengine**, a cloud platform developed by **ByteDance** (the makers of **TikTok**), although NowSecure said it wasn’t clear if the data is just leveraging ByteDance’s digital transformation cloud service or if the declared information share extends further between the two companies.

Image: NowSecure.

Perhaps more concerning, NowSecure said the iOS app transmits device information “in the clear,” without any encryption to encapsulate the data. This means the data being handled by the app could be intercepted, read, and even modified by anyone who has access to any of the networks that carry the app’s traffic.

“The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels,” the report observed. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

Hoog said the app does selectively encrypt portions of the responses coming from DeepSeek servers. But they also found it uses an insecure and now deprecated encryption algorithm called 3DES (aka Triple DES), and that the developers had hard-coded the encryption key. That means the cryptographic key needed to decipher those data fields can be extracted from the app itself.

There were other, less alarming security and privacy issues highlighted in the report, but Hoog said he’s confident there are additional, unseen security concerns lurking within the app’s code.

“When we see people exhibit really simplistic coding errors, as you dig deeper there are usually a lot more issues,” Hoog said. “There is virtually no priority around security or privacy. Whether cultural, or mandated by China, or a witting choice, taken together they point to significant lapse in security and privacy controls, and that puts companies at risk.”

Apparently, plenty of others share this view. _Axios_ reported on January 30 that U.S. congressional offices are being warned not to use the app.

“\[T\]hreat actors are already exploiting DeepSeek to deliver malicious software and infect devices,” read the notice from the chief administrative officer for the House of Representatives. “To mitigate these risks, the House has taken security measures to restrict DeepSeek’s functionality on all House-issued devices.”

_TechCrunch_ reports that Italy and Taiwan have already moved to ban DeepSeek over security concerns. _Bloomberg_ writes that **The Pentagon** has blocked access to DeepSeek. _CNBC_ says **NASA** also banned employees from using the service, as did the **U.S. Navy**.

Beyond security concerns tied to the DeepSeek iOS app, there are indications the Chinese AI company may be playing fast and loose with the data that it collects from and about users. On January 29, researchers at **Wiz** said they discovered a publicly accessible database linked to DeepSeek that exposed “a significant volume of chat history, backend data and sensitive information, including log streams, API secrets, and operational details.”

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world,” Wiz wrote. \[Full disclosure: Wiz is currently an advertiser on this website.\]

KrebsOnSecurity sought comment on the report from DeepSeek and from Apple. This story will be updated with any substantive replies.

Experts Flag Security, Privacy Risks in DeepSeek AI App

Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team.

Thursday, February 6, 2025 14:03

> “Enough Ripples, And You Change The Tide. For The Future Is Never Truly Set.” X-Men: Days of Future Past

In January, I dedicated some time to examine threat data from 2024, comparing it with the previous years to identify anomalies, spikes, and changes.  

As anticipated, the number of Common Vulnerabilities and Exposures (CVEs) rose significantly, from 29,166 in 2023 to 40,289 in 2024, marking a substantial 38% increase. Interestingly, the severity levels of the CVEs remained centered around 7-8 for both years. 

When taking a closer look at the known exploited vulnerabilities reported by the Cybersecurity and Infrastructure Security Agency (CISA), I observed that the numbers remained relatively stable, with 186 in 2024 compared to 187 in 2023. However, there was a noteworthy 36% increase for the critical vulnerabilities scored (9-10).  

There is more to uncover from this data, and the analysis is still ongoing.  

It was also time to “stack” the data of our Quarterly Incident Response Reports. The standout aspects are the initial access vectors to me. "Exploiting Public Facing Applications" and "Valid Accounts" were dominant, outperforming other methods. This serves as a timely reminder to implement (proper) MFA and other identity and access control solutions as well as patch regularly and replace end-of-life assets. 

Reflecting on CVEs, patching, initial access vectors and also lateral movement, it's important to remember that the "free" support for Windows 10 will end on October 14, 2025.  

Mark.your.calendars. Please. And plan accordingly to ensure your systems remain secure.  

**The one big thing**

Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold.   

**Why do I care?**

Observium and WhatsUp Gold can be categorized as Network Monitoring Systems (NMS). A NMS as such holds a lot of valuable information such as Network Topology, Device Inventory, Log Files, Configuration Data and more, making them an attractive for the bad guys. 

**So now what?**

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, make sure your installation is up to date. 

**Top security headlines of the week**

The Cybersecurity and Infrastructure Security Agency analyzed a patient monitor used by the Healthcare and Public Health sector and discovered an embedded backdoor. (CISA) 

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. (Hacker News) 

Nearly 100 journalists and other members of civil society using WhatsApp were targeted by a “zero-click” attack (Guardian) 

DeepSeek AI tools impersonated by infostealer malware on PyPI (Bleeping Computer) 

**Can't get enough Talos?**

*   Web shell frenzies, the first appearance of Interlock, and why hackers have the worst cybersecurity: IR Trends Q4 2024 
*   New TorNet backdoor seen in widespread campaign 

**Upcoming events where you can find Talos**

Talos team members: Martin LEE, Thorsten ROSENDAHL, Yuri KRAMARZ, Giannis TZIAKOURIS, and Vanja SVAJCER will be speaking at Cisco Live EMEA. Amsterdam, Netherlands, 9-14 February.   

S4x25 (February 10-12, 2025)  
Tampa, FL

RSA (April 28-May 1, 2025)  
San Francisco, CA

TIPS 2025 (May 14-15, 2025)  
Arlington, VA

**Most prevalent malware files from the week**

SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507 

MD5: 2915b3f8b703eb744fc54c81f4a9c67f 

VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507 

Typical Filename: VID001.exe 

Claimed Product: N/A 

Detection Name: Win.Worm.Coinminer::1201 

SHA256: 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca 

MD5: 71fea034b422e4a17ebb06022532fdde 

VirusTotal: https://www.virustotal.com/gui/file/47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca 

Typical Filename: VID001.exe 

Claimed Product: n/a  

Detection Name: Coinminer:MBT.26mw.in14.Talos 

SHA256:873ee789a177e59e7f82d3030896b1efdebe468c2dfa02e41ef94978aadf006f  

MD5: d86808f6e519b5ce79b83b99dfb9294d   

VirusTotal: 

https://www.virustotal.com/gui/file/873ee789a177e59e7f82d3030896b1efdebe468c2dfa02e41ef94978aadf006f 

Typical Filename: n/a  

Claimed Product: n/a   

Detection Name: Win32.Trojan-Stealer.Petef.FPSKK8   

SHA 256:7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5   

MD5: ff1b6bb151cf9f671c929a4cbdb64d86   

VirusTotal: https://www.virustotal.com/gui/file/7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5  

Typical Filename: endpoint.query   

Claimed Product: Endpoint-Collector   

Detection Name: W32.File.MalParent   

SHA 256: 744c5a6489370567fd8290f5ece7f2bff018f10d04ccf5b37b070e8ab99b3241 

MD5: a5e26a50bf48f2426b15b38e5894b189 

VirusTotal: https://www.virustotal.com/gui/file/744c5a6489370567fd8290f5ece7f2bff018f10d04ccf5b37b070e8ab99b3241 

Typical Filename: a5e26a50bf48f2426b15b38e5894b189.vir 

Claimed Product: N/A 

Detection Name: Win.Dropper.Generic::1201

Tag

#apple