A cybercriminal calling themselves emirking is offering 20 million OpenAI accounts for sale on a Dark Web forum

A cybercriminal acting under the monicker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself.

Post by emirking

A translation of the Russian statement by the poster says:

> “When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me—this is a treasure.”

The statement suggests that the cybercriminal found access codes which could be used to bypass the platform’s authentication systems. It seems unlikely that such a large amount of credentials could be harvested in phishing operations against users, so if the claim is true, emirking may have found a way to compromise the _auth0.openai.com_ subdomain by exploiting a vulnerability or by obtaining administrator credentials.

While emirking looks like a relatively new user of the forums (they joined in January 2025), that doesn’t necessarily mean anything. They could have posted under another handle previously and switched because of security reasons.

Millions of users around the world rely on OpenAI platforms like ChatGPT and other GPT integrations.

With the allegedly stolen credentials, cybercriminals could possibly access sensitive information provided during conversations and queries with OpenAI. This stolen data could prove useful in targeted phishing campaigns and financial fraud. But the stolen credentials could also be used to abuse the OpenAI API and have the victims pay for their usage of OpenAI’s “Plus” or “Pro” features. However, other users of the same dark web forum claimed that the posted credentials did not provide access to the ChatGPT conversations of the leaked accounts.

True or not, this comes at a bad time for OpenAI after Microsoft recently investigated accusations that DeepSeek used OpenAI’s ChatGPT model to train DeepSeek’s AI chatbot.

**What can users do?**

If you fear that this breach might include your credentials you should:

*   Change your password.
*   Enable multi-factor authentication (MFA).
*   Monitor your account for any unusual activity or unauthorized usage.
*   Beware of phishing attempts using the information that might be stolen as part of this breach.

BreachForums, the Dark Web forum where the accounts were offered for sale was offline at the time of writing, so we were unable to verify any claims ourselves. We will do so when the opportunity arises and keep you posted, so stay tuned.

 20 Million OpenAI accounts offered for sale 

UpGuard discovers exposed Ollama APIs revealing DeepSeek model adoption globally. See where these AI models are running and the security risks involved.

Cybersecurity researchers at third-party risk management firm UpGuard have identified a vulnerability surrounding exposed Ollama APIs, which provide access to running AI models. These exposed APIs not only pose security risks for model owners but also offer a unique opportunity to gauge the adoption rate and geographic distribution of specific AI models, such as **DeepSeek**.

**Ollama** is an AI model framework that simplifies interaction with models by providing a user-friendly interface for selecting and downloading models. However, as per UpGuard’s research, shared exclusively with Hackread.com ahead of its release, the API can be exposed to the public internet; its functions to push, pull, and delete models can put data at risk and unauthenticated users can also bombard models with requests, potentially causing costs for cloud computing resource owners. Existing vulnerabilities within Ollama could also be exploited. 

According to UpGuard’s **research**, there is already evidence of the vulnerability being exploited, with targeted IPs being tampered with.

  
A screenshot provided by UpGuard to Hackread.com shows an Ollama instance where the models appear to have been deleted.

Researchers expressed concern that Ollama APIs are likely used by hobbyists on home or small business internet connections or university networks and these systems can be easily compromised and incorporated into botnets for future attacks.

UpGuard also analyzed the distribution of DeepSeek models across different parameter sizes running on exposed Ollama APIs. The 14b and 7b options (representing models with 14 billion and 7 billion parameters) were the most commonly observed among the exposed DeepSeek models, suggesting that many users are opting for these mid-range models.

Approximately seven thousand IP addresses currently expose Ollama APIs, indicating an over 70% rise in three months, since in its survey **Laava** found four thousand IP addresses in November 2024. Out of these exposed IPs, 700 are running some version of DeepSeek. Specifically, 334 are utilizing models from the deepseek-v2 family, while 434 are running the newer deepseek-r1 model. 

Geographically, the highest concentration of IPs running DeepSeek models is located in China (171 IP addresses, representing 24.4%), followed by the U.S. (140 IP addresses, or 20%), and Germany (90 IP addresses, or 12.9%). 

Furthermore, the distribution of DeepSeek models within the US by Internet Service Provider (ISP) analysis reveals a diverse range of providers, from large entities like Google LLC and AT&T Enterprises LLC to smaller providers and universities. Also, researchers found the highest concentration of DeepSeek instances in China, the US, and Germany, with other countries contributing smaller percentages.

> _“There are really two things that surprised us in this research: how fast exposed Ollama APIs are growing, and how quickly DeepSeek has spread. Either of those could have big consequences in the future.”_
> 
> Greg Pollock, Director of Research and Insights – Upguard

It is worth noting that DeepSeek has been restricted by entities like the **US Navy**, the state of **Texas**, **NASA**, and Italy over concerns of possible data leakage to the Chinese government. While these concerns may not apply to open-source models, most users are unlikely to scrutinize the code, UpGuard researchers noted along with identifying potential risks within the models themselves.

Therefore, to prevent **AI data leakage**, it is essential to audit one’s attack surface for exposed Ollama APIs and remain aware of which models or AI products can be crucial in third-party risk management.

7,000 Exposed Ollama APIs Leave DeepSeek AI Models Wide Open to Attack

As the cost of data breaches continues to climb, the role of user and entity behavioral analytics (UEBA) has never been more important.

Jackie Wyatt, Adjunct Professor of Cyber Studies, University of Tulsa

February 7, 2025

4 Min Read

Source: Igor Stevanovic via Alamy Stock Photo

COMMENTARY

Last year, the cost of a data breach rose 10%, from $4.4 million to $4.8 million, as stated by IBM's annual "Cost of a Data Breach Report." According to cybersecurity firm Vectra AI, more than 70% of security operations center (SOC) leaders fear that a real attack will be hidden under an overwhelming flood of false-positive alerts and other security noise. The resulting burnout may be contributing to the labor shortage plaguing the industry. 

As the cost of data breaches continues to climb along with the deluge of meaningless alerts on an increasingly stressed workforce, the role of behavioral analytics in cybersecurity, or user and entity behavioral analytics (UEBA), has never been more important. That role is even more critical for schools, government agencies, and hospitals and other healthcare facilities. These entities play crucial roles in our day-to-day lives but operate with limited resources. They tend to have smaller cybersecurity teams and less money, amplifying the potential perils of a breach. In fact, the smaller the team, the greater the need for UEBA, which has a number of benefits.

**Weeds Out the Noise **

In the absence of behavioral analytics, every login and machine connection can result in an alert for the SOC. Without the ability to differentiate true threats from false positives, every threat detected is treated with high priority, which may cause the true positives to either get missed or not be addressed in a timely fashion. In places like schools, government offices, and medical facilities the consequences of missing an actual threat are monumental. These establishments thrive on their reputation while accumulating critical information that could mean life or death for a person.   

The danger of alert fatigue is real, causing SOC analysts to eventually ignore certain signals or attempt to address them all with no sense of which ones indicate actual risk. UEBA tracks access patterns across people, machines, and systems; eventually detecting and alerting the SOC only when there's a true risk. Not only does this approach cut out alert noise, it also limits the information bombarding the security team, reduces false positives, and virtually eliminates alert fatigue so analysts can focus on important alerts. Using behavioral analytics to detect the patterns that are normal makes it much easier to spot the ones that aren't. 

**Allows for Prioritization**

Using UEBA is already a no-brainer for many SOCs, but it has not been implemented for most hospitals, government institutions, and schools. Analyzing behavior patterns could have an even bigger payoff for those types of entities, in part because their teams are small. With a fully functioning, automated UEBA system, analysts know alerts are far more likely to be credible and worth their time to investigate. 

When discussing pattern detection and automation, AI naturally springs to mind. This makes perfect sense because UEBA is an excellent use case for AI. The kind of public sector/public good entities that have the most limited resources are best suited to leverage the power of AI combined with UEBA. It could virtually eliminate the disadvantage of fewer resources because a well-trained AI would only surface credible threats for human vetting. AI is not susceptible to alert fatigue, burnout, or the lure of a higher salary elsewhere. An automated system may be able to handle threat response, however its greatest potential lies in prioritizing potential threats for SOC analysts to analyze them more efficiently. This saves engineers and analysts countless hours, since they do not have to craft rules and queries to achieve the desired outcome.

**Reduces Risk **

It may be difficult for some executives to wrap their heads around placing an automated system at the heart of their security operations. Some worry about all the company data being in one place. Others fear AI might miss something, but it seems that the risk of a small and overwhelmed team subject to burnout is greater. While it's possible for a problem to surface with AI, it's more likely that a problem will arise with stressed out people.  

Some companies have already seen the benefit of involving AI in their security operations. About 70% of those that responded to a Vectra AI survey said AI has already reduced burnout and increased threat detection and response abilities. Imagine moving the needle that much for the places that instruct our kids, provide healthcare, and keep the lights on. 

**About the Author**

Adjunct Professor of Cyber Studies, University of Tulsa

Jackie Wyatt is an adjunct professor of cyber studies at the University of Tulsa and a cybersecurity operations analyst at QuikTrip. Jackie received a master’s degree in cybersecurity from Maryville University. She holds the Certified Enterprise Defender (GCED) certification and Coin from SANS, marking her as an expert in network defense and incident response. Her combination of advanced education and hands-on experience makes her a valuable figure in the cybersecurity field.

Behavioral Analytics in Cybersecurity: Who Benefits Most?

The ABB Cylon FLXeon BACnet controller is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability can be exploited in a loop to start multiple instances of tcpdump, leading to resource exhaustion, denial of service (DoS) conditions, and potential data exfiltration. The lack of authentication on the WebSocket interface allows unauthorized users to continuously spawn new tcpdump processes, amplifying the attack's impact.

Title: ABB Cylon FLXeon 9.3.4 (wsConnect.js) WebSocket Command Spawning PoC  
Advisory ID: ZSL-2025-5913  
Type: Local/Remote  
Impact: DoS  
Risk: (5/5)  
Release Date: 07.02.2025

**Summary**

BACnet® Smart Building Controllers. ABB's BACnet portfolio features a series of BACnet® IP and BACnet MS/TP field controllers for ASPECT® and INTEGRA™ building management solutions. ABB BACnet controllers are designed for intelligent control of HVAC equipment such as central plant, boilers, chillers, cooling towers, heat pump systems, air handling units (constant volume, variable air volume, and multi-zone), rooftop units, electrical systems such as lighting control, variable frequency drives and metering.

The FLXeon Controller Series uses BACnet/IP standards to deliver unprecedented connectivity and open integration for your building automation systems. It's scalable, and modular, allowing you to control a diverse range of HVAC functions.

**Description**

The ABB Cylon FLXeon BACnet controller is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability can be exploited in a loop to start multiple instances of tcpdump, leading to resource exhaustion, denial of service (DoS) conditions, and potential data exfiltration. The lack of authentication on the WebSocket interface allows unauthorized users to continuously spawn new tcpdump processes, amplifying the attack's impact.

**Vendor**

ABB Ltd. - https://www.global.abb

**Affected Version**

FLXeon Series (FBXi Series, FBTi Series, FBVi Series)  
CBX Series (FLX Series)  
CBT Series  
CBV Series  
Firmware: <=9.3.4

**Tested On**

Linux Kernel 5.4.27  
Linux Kernel 4.15.13  
NodeJS/8.4.0  
Express

**Vendor Status**

\[21.04.2024\] Vulnerability discovered.  
\[22.04.2024\] Vendor contacted.  
\[22.04.2024\] Vendor responds.  
\[02.05.2024\] Working with the vendor.  
\[20.01.2025\] Vendor releases version 9.3.5 to address this issue.  
\[07.02.2025\] Coordinated public security advisory released.

**PoC**

ws.sh

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

\[1\] https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684&LanguageCode=en&DocumentPartId=PDF&Action=Launch  
\[2\] https://www.cve.org/CVERecord?id=CVE-2024-48849

**Changelog**

\[07.02.2025\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

ABB Cylon FLXeon 9.3.4 (wsConnect.js) WebSocket Command Spawning PoC

Local law enforcements need to steer away from "place-based policing" when investigating cybercrimes.

Source: motortion via Adobe Stock Photo

Last November, an Idaho man was sentenced to 10 years in prison for hacking into the computer servers of 19 victims across the United States, stealing personally identifiable information (PII) belonging to more than 132,000 people, and attempting to extort a Florida orthodontist for payment in Bitcoin cryptocurrency.

The perpetrator, Robert Purbeck, had also purchased access to the computer server belonging to a medical clinic in Griffin, Ga., from a cybersecurity forum and used stolen credentials to remove records containing sensitive PII, such as birth dates and Social Security numbers for 43,000 individuals, according to the US Department of Justice. In addition, Purbeck purchased access to a server belonging to the police department of Newnan, Ga., and stolen police reports and other documents, including the PII for over 14,000 people.

This case illustrates some of the challenges law enforcement currently face trying to investigate and arrest criminals in an increasingly digital world where cybercriminals operate across state — and often national — lines, employing a variety of tools. While the FBI plays a significant role in investigating cybercrime, most of the responsibility often falls to local law enforcement — municipal police departments, county sheriff's offices, and other local agencies. These groups have to determine jurisdiction and secure limited resources while staying on top of the ever-evolving threat landscape.

In 2023, the Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) received 880,418 cybercrime complaints, a nearly 10% increase from 2022. Potential losses exceeded $12.5 billion, up 22% from 2022. While the figures for 2024 are not yet available, the numbers are expected to be even higher.

At the top of the list is a need to evolve beyond place-based policing, says Dr. Chris Moloney, an instructor at Colorado State University whose research focuses on the digital transformation of public safety agencies.

"One of the greatest challenges is that \[local\] agencies have historically evolved to be place-based, and they've been resourced to deal with physical, tangible crimes, burglaries, robberies, arsons, homicides, all those that show up on TV shows and in the newspapers," he says. "But cybercrime is borderless. Your perpetrator could be thousands of miles away, and your victims could be in your small local town that has a police department with 15 employees. That's a fundamental challenge."

In addition to questions of place and jurisdiction, Moloney says local law enforcement also suffers from resource and "capability gaps." Local police departments may struggle to allocate budgets for software that can analyze forensic evidence or hire personnel with expertise in areas like encryption or blockchain.

And prioritizing cybercrime often takes a back seat to the day-to-day issues facing a local community.

“When I want to make sure that my neighborhood's safe, it's a very, very challenging dynamic for leadership to go to the community or to go to their local government and say, 'We need more money specifically for these technological resources,'" Moloney says.

**Public-Private Partnerships Are Key**

Law enforcement also has to compete for talent with the private sector, which can afford to pay higher salaries to those with cyberskills, Moloney says. However, law enforcement also needs to work in partnership with the private sector to investigate and prosecute some kinds of cybercrime. 

"One of the best solutions is a better defense, right? And that's where the private sector comes in in a big way," he says. "And that's where education comes in a big way."

In addition to enhanced partnerships with the private sector, fighting the rise of cybercrime will require finding ways to bring agencies and law enforcement groups together and making cybercrime a priority by providing increased financial and technological resources and staffing.

"We do not have a unified or coherent strategy or set of tactics or solutions that unify how everybody's approaching this issue," Moloney says. "It's a challenging environment, and it's really complicated. How do we navigate all those different issues that are all coming together at the same time and recognize that if you don't do it, it's only going to get worse?"

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Cybercrime Forces Local Law Enforcement to Shift Focus

Ya-moon, S. Korea’s notorious sex crime hub operating since 1990, hacked; user data leaked, exposing CSAM, exploitation, and illicit activities.

A hacker using the alias “Valerie” is claiming to have hacked Ya-moon, a notorious South Korean private pornography website and forum. According to the hacker, the hack took place in June 2024 using a zero-day vulnerability, but the details of it have only been shared earlier today.

The site, which has been operating since 1990, is infamous for hosting illicit content, including Child Sexual Abuse Material, also known as **CSAM**, hidden camera footage, revenge porn, and videos depicting rape. Its users often brag about gang rapes, the sexual exploitation of minors, and the intimidation of women into sexual acts.

Hacker on Breach Forums where data has been leaked (Screenshot credit: Hackread.com)

The hacker claims that despite multiple attempts by South Korean authorities, Interpol, and U.S. law enforcement to dismantle the site, efforts had previously failed to bring it down. Now, a massive data breach has exposed the platform’s users, including 326,000 lines of data.

****The Hack and Leaked Data****

According to the hacker, the website’s entire database and chat logs have been published online. Initially, the data was handed over to a “databroker” who leaked a small portion but then disappeared, allegedly arrested. Frustrated with the inactivity surrounding the breach, the hacker decided to release the full dataset independently.

****Key Data Exposed in the Ya-moon.com Breach****

As seen and analysed by _Hackread.com’s research team_, the leaked database includes personally identifiable information (PII) and incriminating activity logs, making this quite a sensitive leak. The dataset contains:

1: **User Identification**

*   **Usernames**
*   **IP addresses (revealing user locations)**
*   **Email addresses (52,000 – some linked to real identities)**
*   **Plain-text passwords (suggesting weak security measures)**

**2: Activity & Behavior**

*   **Date of joining the forum**
*   **Last activity timestamps (showing recent usage patterns)**
*   **Chat logs, containing discussions of illegal activities**
*   **Published content, including uploaded media and discussion posts**

**3: Private Communications**

*   **Inbox messages exchanged between users**
*   **Potential evidence of coordination or transactions**
*   **Discussions about law enforcement activity, security concerns, and evasion tactics.**

The leaked data (Screenshot credit: Hackread.com)

If verified, this could be a major blow to users who engaged in illegal activities on the platform, as law enforcement agencies could track down those involved.

****Korean-Based User Activity Revealed in the Breach****

The majority of users’ IP addresses trace back to South Korea. This confirms that Ya-moon.com is largely a domestic operation, based on South Korean users who engaged in illegal content distribution and discussions. While some may have used VPNs or proxies, many users relied on their real IP addresses, suggesting a lack of security within the forum.

This dataset could also become a crucial investigative tool for South Korean authorities, who have struggled for years to take down networks like this one. If acted upon, it may lead to important arrests and legal action against individuals involved in the platform’s criminal activities.

****South Korea and Online Sex Crimes****

South Korea has a long history of tackling online sex crimes, including high-profile cases like the **Nth Room scandal**, where perpetrators exploited victims through encrypted chatrooms. However, forums like Ya-moon.com continued to exist, exposing gaps in enforcement and digital policing.

If authorities acquire and verify the data, arrests and prosecutions could follow, similar to previous dark web takedowns like **Operation Dark HunTor** and **Playpen**. This breach may deter users from engaging in illicit activities online, knowing they can be exposed.

****Not The First Time****

This is not the first instance of hackers targeting sites linked to CSAM and other forms of abuse. **In February 2017**, Anonymous hacktivists breached Freedom Hosting II, the largest dark web hosting provider at the time, resulting in the shutdown of thousands of CSAM sites. The hosting service managed approximately **11,000 websites**, accounting for nearly 20% of all dark web sites that year.

S. Korea’s Notorious Sex Crime Hub Ya-moon Hacked, User Data Leaked

Cybereason co-founders launch their second act with a security startup focused on offering a platform that uses agentic AI to offload repetitive tasks commonly performed by security analysts.

Source: Laurent Davoust via Alamy Stock Photo

The co-founders of EDR provider Cybereason have regrouped with a new security startup, 7AI, to help organizations shift the burden of performing repetitive and routine security tasks currently performed by human analysts onto AI. 7AI's Agentic AI Platform frees security professionals from time-consuming tasks, such as triaging alerts, interpreting signals, correlating telemetry, and hunting for known threats, says Lior Div, one of the co-founders.

Div and Yonatan Striem-Amit left Cybereason two years ago after Softbank took a majority stake in the company; they founded 7AI in April 2024. The startup, which emerged from stealth on Thursday, says more than a dozen companies, mostly large and midsize enterprises, are already using its Agentic AI Platform. 7AI also received $36 million in seed funding from Greylock Partners, Spark Capital, and CRV.

Div describes agentic AI as "swarms of AI agents" capable of autonomously taking on routine security tasks. Unlike isolated generative AI agents, these swarms can enable autonomous operations by pooling and communicating their intelligence to investigate and prioritize threats while optimizing system resources. A swarm of agents working in tandem means that one agent could be configured to discover suspicious telemetry in an endpoint detection and response (EDR) system while another could be configured to validate the potential threat by correlating cloud logs. Yet another agent could be configured to observe user behavior patterns in identity and access management (IAM) systems. 

"Instead of spending their time on repetitive work to respond to alerts, our early customers are able to start their work with full context, drastically fewer false positives, and the results of full investigations," Div explained in a blog post announcing the company's new platform. The platform documents how each agent reached its conclusions and can be reviewed at any time by human analysts.

7AI's agentic AI capabilities, which is hosted in the Amazon Web Services cloud, is built with generative AI tools from Open AI and Anthropic.

"When it comes to reasoning, we're using Open AI," Div tells Dark Reading. "But when it comes to actually implementing and writing code, we're using Anthropic."

**A Replacement for SOAR?**

The platform is not designed to replace security administrators and analysts but rather allow them to take mundane tasks off their plates so they can allocate their time to more strategic functions.

"AI will take away 90% of the boring, toiling work," Div says.

Besides handling repetitive tasks, 7AI's platform is designed to correlate telemetry without moving data into another system. For example, in a typical threat hunting scenario, the data would have to be pushed into a security information and event management (SIEM). Instead, 7AI correlates the information at its source. The platform can also detect threat activity and anomalies in IAM systems such as Okta, Div says.

"We believe our AI will meet the data where the data was born," he says. "You don't have to send a lot of those pieces to the SIEM anymore."

This could also reduce organizations' reliance on managed security and service providers or managed detection and response providers, Div suggests.

"We don't think that you will need a SOAR once you have our system because it will decide on the fly what is the right playbook to run and what type of investigation to conduct without the need for human beings to specify it step by step," Div says.

**About the Author**

Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

7AI Streamlines Security Operations With Autonomous AI Agents

OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.

Source: SOPA Images Limited via Alamy Stock Photo

A prompt engineer has challenged the ethical and safety protections in OpenAI's latest o3-mini model, just days after its release to the public.

OpenAI unveiled o3 and its lightweight counterpart, o3-mini, on Dec. 20. That same day, it also introduced a brand new security feature: "deliberative alignment." Deliberative alignment "achieves highly precise adherence to OpenAI's safety policies," the company said, overcoming the ways in which its models were previously vulnerable to jailbreaks.

Less than a week after its public debut, however, CyberArk principal vulnerability researcher Eran Shimony got o3-mini to teach him how to write an exploit of the Local Security Authority Subsystem Service (lsass.exe), a critical Windows security process.

**o3-mini's Improved Security**

In introducing deliberative alignment, OpenAI acknowledged the ways its previous large language models (LLMs) struggled with malicious prompts. "One cause of these failures is that models must respond instantly, without being given sufficient time to reason through complex and borderline safety scenarios. Another issue is that LLMs must infer desired behavior indirectly from large sets of labeled examples, rather than directly learning the underlying safety standards in natural language," the company wrote.

Deliberative alignment, it claimed, "overcomes both of these issues." To solve issue number one, o3 was trained to stop and think, and reason out its responses step by step using an existing method called chain of thought (CoT). To solve issue number two, it was taught the actual text of OpenAI's safety guidelines, not just examples of good and bad behaviors.

"When I saw this recently, I thought that \[a jailbreak\] is not going to work," Shimony recalls. "I'm active on Reddit, and there people were not able to jailbreak it. But it is possible. Eventually it did work."

**Manipulating the Newest ChatGPT**

Shimony has vetted the security of every popular LLM using his company's open source (OSS) fuzzing tool, "FuzzyAI." In the process, each one has revealed its own characteristic weaknesses.

"OpenAI's family of models is very susceptible to manipulation types of attacks," he explains, referring to regular old social engineering in natural language. "But Llama, made by Meta, is not, but it's susceptible to other methods. For instance, we've used a method in which only the harmful component of your prompt is coded in an ASCII art."

"That works quite well on Llama models, but it does not work on OpenAI's, and it does not work on Claude whatsoever. What works on Claude quite well at the moment is anything related to code. Claude is very good at coding, and it tries to be as helpful as possible, but it doesn't really classify if code can be used for nefarious purposes, so it's very easy to use it to generate any kind of malware that you want," he claims.

Shimony acknowledges that "o3 is a bit more robust in its guardrails, in comparison to GPT-4, because most of the classic attacks do not really work." Still, he was able to exploit its long-held weakness by posing as an honest historian in search of educational information.

In the exchange below, his aim is to get ChatGPT to generate malware. He phrases his prompt artfully, so as to conceal its true intention, then the deliberative alignment-powered ChatGPT reasons out its response:

Source: Eran Shimony via LinkedIn

During its CoT, however, ChatGPT appears to lose the plot, eventually producing detailed instructions for how to inject code into lsass.exe, a system process that manages passwords and access tokens in Windows.

Source: Eran Shimony via LinkedIn

In an email to Dark Reading, an OpenAI spokesperson acknowledged that Shimony may have performed a successful jailbreak. They highlighted, though, a few possible points against: that the exploit he obtained was pseudocode, that it was not new or novel, and that similar information could be found by searching the open Web.

**How o3 Might Be Improved**

Shimony foresees an easy way, and a hard way that OpenAI can help its models better identify jailbreaking attempts.

The more laborious solution involves training o3 on more of the types of malicious prompts it struggles with, and whipping it into shape with positive and negative reinforcement.

An easier step would be to implement more robust classifiers for identifying malicious user inputs. "The information I was trying to retrieve was clearly harmful, so even a naive type of classifier could have caught it," he thinks, citing Claude as an LLM that does better with classifiers. "This will solve roughly 95% of jailbreaking \[attempts\], and it doesn't take a lot of time to do."

Dark Reading has reached out to OpenAI for comment on this story.

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini

While President Trump supported federal space efforts during his first administration, the addition of SpaceX chief Elon Musk to his circle likely means challenges for regulating spacecraft cybersecurity, experts say.

Source: Andrei Armiagov via Shutterstock

The cybersecurity of satellites, spacecraft, and other space-based systems continues to lag behind current threats, despite efforts by the National Aeronautics and Space Administration (NASA) to require that contractors shore up electronic protections for the hardware and software provided to the US space program.

The cybersecurity gaps will likely only grow worse as the Trump administration's efforts to deregulate private industry accelerates, and as Elon Musk — the CEO of the largest private space company, SpaceX —  pushes for less stringent requirements for spacecraft and launch-system manufacturers, experts say. The company's lobbyists have already reportedly pushed to disband the National Space Council (NSpC), a group of experts established during the George H.W. Bush administration that develops policies and guidelines for US space programs.

Meanwhile, the United States and its commercial contractors must keep up with an accelerating threat landscape, says Samuel Sanders Visner, a technical fellow at the Aerospace Corporation, a federally funded research and development center, who also serves as chairman of the board of the Space Information Sharing and Analysis Center (Space ISAC).

"Our potential adversaries understand the critical nature of our space systems to our national and economic security, \[so\] we can expect they will continue to develop the means to hold at risk these systems," he says. "We must redouble our own efforts to stay ahead of adversaries' capabilities."

Related:Credential Theft Becomes Cybercriminals' Favorite Target

And indeed, threats to space-based systems have increased. Russia-linked hackers disrupted satellite communications in Ukraine during the opening months of its invasion, and researchers are concerned about the potential satellite-hacking capabilities of China and Iran.

Because so much of the US space infrastructure now relies on private manufacturers, those organizations need to make sure they meet stringent levels of cybersecurity, says Josh Taylor, lead cybersecurity analyst at Fortra, an automated cybersecurity provider. In July 2024, two Democratic US representatives, Maxwell Alejandro Frost (Fla.-10) and Don Beyer (Va.-8) introduced a bill, the Spacecraft Cybersecurity Act, that would require manufacturers to adopt cybersecurity requirements to supply NASA with spacecraft. No actions have been taken on the bill.

"Spacecraft manufacturers are not proactively doing enough to ensure cybersecurity best practices, as evidenced by the original need for the Spacecraft Cybersecurity Act and the lack of progress in adopting large-scale changes since its proposal," Taylor says. "The delay is particularly concerning in today's heightened threat environment, given the recent renewed attention on supply chain breaches targeting government systems."

Related:Ferret Malware Added to 'Contagious Interview' Campaign

**Trump & Policy: Not Politics as Usual**

Such legislation may not get much attention in the current political climate. The Trump administration's off-the-cuff approach to setting policy has made the future of the space program — never mind its cybersecurity — a large question mark. While Trump has focused on space-based initiatives in the past — such as establishing the US Space Command in his first administration, and pledging last month to support programs to land Americans on Mars (a Musk pet project) — cybersecurity-focused regulatory efforts will likely face significant hurdles.

The Biden administration made some progress in cybersecurity but failed to require private contractors to commit to cybersecurity plans. In a flurry of eleventh-hour executive orders in January, the Biden administration issued a wide-ranging mandate to boost cybersecurity using contract requirements and the federal government's purchasing power. Among the provisions are stipulations that NASA and other civilian agencies create cybersecurity requirements for government-contracted systems, and inventory the existing cybersecurity protections of the ground systems that support space missions.

Related:Cybercriminals Court Traitorous Insiders via Ransom Notes

Yet the Trump administration has already reversed several of the previous administration's executive orders and regulations in general, and the threat to undo the National Space Council remains real.

"How important is outer space to the new administration? That's still an open question," says Patrick Lin, director of the Ethics + Emerging Sciences Group at California Polytechnic State University (Cal Poly), and a member of the NSpC's User Advisory Group. "Without \[the NSpC\], we might see a single point of failure, if it's just the White House trying to tackle space policy alone — which already seems low on their agenda and thus may likely be under-staffed."

**Regulation Remains in Orbit**

Musk, meanwhile, has pushed back on regulations for commercial providers, including SpaceX, the dominant maker of private launch systems and spacecraft. The company accounted for more than half (52%) of 259 worldwide launches in 2024. Before attaching himself to the Trump administration, Musk — and SpaceX — had fallen afoul of environmental regulators and federal reporting standards for handling sensitive information.

A single private citizen has seldom, if ever, wielded as much influence over the US government as SpaceX's Musk, who has been designated a "special government employee" and whose team — the Department of Government Efficiency, or DOGE — has moved to cut specific programs and agencies.

But even without the threat of a private citizen with conflicts of interest cutting NASA's regulatory efforts, boosting cybersecurity for spacecraft is not an easy task.

NASA, a historically popular target of hackers, has focused on organizational and terrestrial cybersecurity, but the focus on cyber protection for space-based systems and communications is relatively recent. In 2019 and 2023, NASA issued its first guidelines to secure spacecraft, such as the Orion Multi-Purpose Crew Vehicle, but has not incorporated the requirements into its acquisition policies, according to a 2024 report by the US Government Accounting Office.

In addition, NASA needs trusted suppliers that also know the provenance of their hardware and software, says Space ISAC's Visner.

"Particular attention should be paid to the increasingly global and commoditized supply chain of hardware and software that comprises our space systems," he says. "Industry should recognize — and it appears many industry leaders do recognize — that the systems they produce for the public and private sectors are potential adversary targets."

**Hope Remains for Cybersecurity Moonshot**

A few weeks into the second Trump administration, experts are split on whether cybersecurity will be a focus in the push to ramp up the United States' efforts in space.

On one hand, the Trump administration has not stated a policy for current space efforts nor announced initiatives to secure space-based systems, but then NASA already issued a best-practices guide for securing space systems in 2023.

"It's worth noting that Space Policy Directive 5 (SPD-5), which described the principles for the cybersecurity of space systems, was promulgated by President Trump's first administration, while the subsequent Biden administration pursued implementation of this directive," Visner explains. "So, we can expect additional, and perhaps increased emphasis, as the new administration shapes its efforts."

CalPoly's Lin, however, is a bit more pessimistic about the chances for more stringent cybersecurity requirements for space-based infrastructure and the commercial contractors that manufacture components for those devices and vehicles.

"It's really anyone's guess how all this will play out, and that uncertainty doesn't give much confidence that space cybersecurity will be strengthened," he says. "\[It\] takes real work and coordination — discipline, competence, safety cultures, \[and\] international and industry cooperation. In the absence of governmental leadership, it may be up to the space industry to watch their own cyber-backs, which unfortunately doesn't bode well for national security."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

US Cybersecurity Efforts for Spacecraft Are Up in the Air

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks.

New mobile apps from the Chinese artificial intelligence (AI) company **DeepSeek** have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks.

Public interest in the DeepSeek AI chat apps swelled following widespread media reports that the upstart Chinese AI firm had managed to match the abilities of cutting-edge chatbots while using a fraction of the specialized computer chips that leading AI companies rely on. As of this writing, DeepSeek is the third most-downloaded “free” app on the Apple store, and #1 on Google Play.

DeepSeek’s rapid rise caught the attention of the mobile security firm **NowSecure**, a Chicago-based company that helps clients screen mobile apps for security and privacy threats. In a teardown of the DeepSeek app published today, NowSecure urged organizations to remove the DeepSeek iOS mobile app from their environments, citing security concerns.

NowSecure founder **Andrew Hoog** said they haven’t yet concluded an in-depth analysis of the DeepSeek app for **Android** devices, but that there is little reason to believe its basic design would be functionally much different.

Hoog told KrebsOnSecurity there were a number of qualities about the DeepSeek iOS app that suggest the presence of deep-seated security and privacy risks. For starters, he said, the app collects an awful lot of data about the user’s device.

“They are doing some very interesting things that are on the edge of advanced device fingerprinting,” Hoog said, noting that one property of the app tracks the device’s name — which for many iOS devices defaults to the customer’s name followed by the type of iOS device.

The device information shared, combined with the user’s Internet address and data gathered from mobile advertising companies, could be used to deanonymize users of the DeepSeek iOS app, NowSecure warned. The report notes that DeepSeek communicates with **Volcengine**, a cloud platform developed by **ByteDance** (the makers of **TikTok**), although NowSecure said it wasn’t clear if the data is just leveraging ByteDance’s digital transformation cloud service or if the declared information share extends further between the two companies.

Image: NowSecure.

Perhaps more concerning, NowSecure said the iOS app transmits device information “in the clear,” without any encryption to encapsulate the data. This means the data being handled by the app could be intercepted, read, and even modified by anyone who has access to any of the networks that carry the app’s traffic.

“The DeepSeek iOS app globally disables App Transport Security (ATS) which is an iOS platform level protection that prevents sensitive data from being sent over unencrypted channels,” the report observed. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

Hoog said the app does selectively encrypt portions of the responses coming from DeepSeek servers. But they also found it uses an insecure and now deprecated encryption algorithm called 3DES (aka Triple DES), and that the developers had hard-coded the encryption key. That means the cryptographic key needed to decipher those data fields can be extracted from the app itself.

There were other, less alarming security and privacy issues highlighted in the report, but Hoog said he’s confident there are additional, unseen security concerns lurking within the app’s code.

“When we see people exhibit really simplistic coding errors, as you dig deeper there are usually a lot more issues,” Hoog said. “There is virtually no priority around security or privacy. Whether cultural, or mandated by China, or a witting choice, taken together they point to significant lapse in security and privacy controls, and that puts companies at risk.”

Apparently, plenty of others share this view. _Axios_ reported on January 30 that U.S. congressional offices are being warned not to use the app.

“\[T\]hreat actors are already exploiting DeepSeek to deliver malicious software and infect devices,” read the notice from the chief administrative officer for the House of Representatives. “To mitigate these risks, the House has taken security measures to restrict DeepSeek’s functionality on all House-issued devices.”

_TechCrunch_ reports that Italy and Taiwan have already moved to ban DeepSeek over security concerns. _Bloomberg_ writes that **The Pentagon** has blocked access to DeepSeek. _CNBC_ says **NASA** also banned employees from using the service, as did the **U.S. Navy**.

Beyond security concerns tied to the DeepSeek iOS app, there are indications the Chinese AI company may be playing fast and loose with the data that it collects from and about users. On January 29, researchers at **Wiz** said they discovered a publicly accessible database linked to DeepSeek that exposed “a significant volume of chat history, backend data and sensitive information, including log streams, API secrets, and operational details.”

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world,” Wiz wrote. \[Full disclosure: Wiz is currently an advertiser on this website.\]

KrebsOnSecurity sought comment on the report from DeepSeek and from Apple. This story will be updated with any substantive replies.

Tag

#auth