Tuesday, Jan 28, 2025 // (IG): BB // GITHUB // SN R&D
DeepSeek’s Rise Highlights CHIPS Act Loopholes in U.S. AI Race
Bottom Line Up Front (BLUF): DeepSeek, a Chinese AI startup, has rapidly risen to challenge U.S. dominance in artificial intelligence, leveraging Nvidia’s CHIPS Act-compliant H800 processors to develop its cost-effective R1 model. This success underscores how U.S. export controls intended to limit China’s AI advancements may have unintended gaps, as DeepSeek continues to refine its models and compete on a global scale. The development raises critical questions about the effectiveness of the CHIPS Act in maintaining U.S. AI leadership.
Analyst Comments: These chips, designed to comply with U.S. controls, still enable sophisticated AI training and have allowed DeepSeek to produce competitive models at a fraction of the cost of U.S. competitors. This highlights a need for stricter regulations or enhanced innovation strategies to maintain America’s edge. As China narrows the AI gap, U.S. policymakers may need to revisit the CHIPS Act's effectiveness in limiting AI advancements abroad while ensuring domestic industry growth.
FROM THE MEDIA: The CHIPS Act, introduced to restrict advanced semiconductor exports to China, allowed the sale of scaled-down processors like the H800, believed to be insufficient for high-level AI training. However, DeepSeek’s methods—such as reinforcement learning and selective data focus—have enabled it to achieve breakthroughs despite using these limited chips. The startup also relied on open-source models, including Meta’s Llama and Alibaba’s Qwen, to fine-tune its R1 model, further reducing development costs. DeepSeek’s use of CHIPS Act-compliant hardware has raised concerns among U.S. officials and industry leaders. OpenAI CEO Sam Altman called the development “impressive” but emphasized the need for more robust computing resources to stay ahead. Meanwhile, Meta’s Mark Zuckerberg reaffirmed his commitment to open-source AI while pledging $65 billion in AI investments, signaling a push to outpace competitors like DeepSeek.
READ THE STORY: FT
UnitedHealth Data Breach Impacts 190 Million, Raises Concerns Over Healthcare Cybersecurity
Bottom Line Up Front (BLUF): The number of victims impacted by last year’s ransomware attack on Change Healthcare, owned by UnitedHealth, has climbed to approximately 190 million. Sensitive data, including health insurance details, Social Security numbers, and medical information, was accessed, with the company paying a $22 million ransom. The breach highlights ongoing vulnerabilities in the healthcare sector’s cybersecurity defenses.
Analyst Comments: This breach underscores the high stakes of cybersecurity in healthcare, where large organizations manage sensitive data for millions of people. The scale of the attack—affecting nearly 200 million individuals—demonstrates how ransomware attacks are evolving to target essential systems. Despite UnitedHealth’s claims that full medical records were not exfiltrated, the incident raises significant concerns about the security of healthcare data pipelines and the adequacy of breach notification processes. The involvement of HHS in coordinating victim notifications indicates a growing government focus on regulating breach response in critical industries.
FROM THE MEDIA: UnitedHealth has updated the total number of individuals impacted by the ransomware attack on Change Healthcare to 190 million, nearly doubling the initially reported figure of 100 million. The breach, which occurred last year, exposed sensitive data, including health insurance records, medical test results, financial information, and personal identifiers like Social Security numbers. In June, UnitedHealth admitted that hackers likely accessed extensive personal and health insurance data. However, the company claimed to have found “no evidence” that full medical histories or electronic medical record databases were stolen. Over 90% of the stolen data has been reviewed, with final confirmation pending. The breach has forced Change Healthcare to notify victims on behalf of thousands of hospitals, doctor’s offices, and pharmacies, as required by the Department of Health and Human Services (HHS). The organization has emphasized the importance of ensuring that vulnerable populations, such as the elderly and non-English speakers, are informed about the breach’s impact.
READ THE STORY: The Record
Apple Patches Actively Exploited Zero-Day Vulnerability in iPhones, Macs, and More
Bottom Line Up Front (BLUF): Apple has issued critical updates across its product ecosystem to address CVE-2025-24085, an actively exploited zero-day vulnerability in the Core Media component. This use-after-free flaw could allow malicious apps to escalate privileges on compromised devices. The company has also resolved multiple other vulnerabilities, urging users to apply patches immediately to safeguard their systems.
Analyst Comments: The active exploitation of CVE-2025-24085 highlights the increasing sophistication of attacks targeting widely used platforms like iOS and macOS. While details of the exploitation remain limited, the vulnerability's presence across Apple’s ecosystem underscores the need for timely patch management to mitigate risks. The simultaneous discovery of additional vulnerabilities, including those reported by Google TAG and Oligo Security, further demonstrates the persistent targeting of multimedia components in modern operating systems. Enterprises and end-users should prioritize updates to prevent potential compromise from both this and other flaws.
FROM THE MEDIA: Apple has released security patches to address multiple vulnerabilities, including CVE-2025-24085, an actively exploited zero-day flaw in Core Media. This use-after-free bug could allow a malicious app already installed on a device to elevate its privileges. The issue impacts devices running older versions of iOS prior to iOS 17.2 and has now been resolved with improved memory management. Apple has patched five flaws in AirPlay, reported by researcher Uri Katz, which could cause system crashes or enable arbitrary code execution. Google’s Threat Analysis Group (TAG) also identified three CoreAudio vulnerabilities (CVE-2025-24160, CVE-2025-24161, and CVE-2025-24163) that could lead to app crashes when processing specially crafted files. Apple has not disclosed details about how CVE-2025-24085 was exploited, nor the identities of attackers or specific targets. Users are strongly advised to update their devices immediately to reduce the risk of compromise.
READ THE STORY: THN
U.S. AI Firms Scramble to Respond to Disruptive DeepSeek Models
Bottom Line Up Front (BLUF): Chinese AI startup DeepSeek has disrupted the global AI landscape with its cost-efficient, high-performing models, including the R1 reasoning model, which has surpassed OpenAI’s ChatGPT on Apple’s App Store. Despite DeepSeek's claims of low development costs, U.S. AI firms are investigating its true expenses and capabilities while grappling with the implications of its open-source release strategy. The rise of DeepSeek has triggered a selloff in U.S. tech stocks, underscoring its impact on market perceptions of AI development.
Analyst Comments: The rapid ascent of DeepSeek represents a major shift in the AI industry, challenging the long-held belief that only firms with vast resources can achieve state-of-the-art breakthroughs. Its open-source strategy democratizes access to advanced AI technology, but this approach also raises concerns about potential misuse, especially given the geopolitical tensions between the U.S. and China. While U.S. AI companies acknowledge the technical achievements, they are also likely to scrutinize the methodologies and compliance of DeepSeek’s operations. This development may intensify the pace of AI innovation globally and increase pressure on U.S. companies to remain competitive.
FROM THE MEDIA: A new competitor in the AI space has taken the industry by storm, with its free assistant surpassing OpenAI’s ChatGPT in popularity on Apple’s App Store. The Chinese firm’s R1 reasoning model, which uses Nvidia H800 chips, claims to have been trained for under $6 million. However, industry experts argue the true costs, including early-stage development, likely exceed $1 billion. The open-source nature of DeepSeek’s models has drawn significant praise for making advanced AI widely accessible, with notable figures like venture capitalist Marc Andreessen calling it a “profound gift to the world.” At the same time, companies such as Snowflake have integrated the models into their platforms after evaluating potential risks. The rise of this new player has sparked a reevaluation of competitive dynamics within the AI industry. U.S. firms are now analyzing the technical underpinnings of its V3 model and exploring the implications of its cost-effective approach. Meanwhile, the impact on markets has been immediate, with U.S. tech stocks suffering as confidence in existing proprietary systems is questioned.
READ THE STORY: Reuters
Germany’s Indirect Reliance on Russian LNG Highlights Gaps in EU Energy Transparency
Bottom Line Up Front (BLUF): Despite Germany’s ban on direct imports of Russian liquefied natural gas (LNG), the country continues to receive significant quantities indirectly via EU ports, particularly from France and Belgium. A lack of transparency in the EU gas market allows Russian LNG to be “rebranded” and resold within the bloc, complicating efforts to reduce dependence on Russian energy. These findings highlight the challenges of enforcing Brussels' goal of phasing out Russian fossil fuels by 2027.
Analyst Comments: The indirect import of Russian LNG into Germany exposes a loophole in the EU’s energy transition strategy. While the bloc has made strides in reducing direct reliance on Russian gas, the lack of a robust tracking mechanism within the EU’s internal market undermines its broader objectives. This issue also reflects the broader geopolitical complexities of balancing energy security with economic and environmental goals. Without comprehensive transparency measures, member states risk perpetuating dependency on Russian energy, inadvertently undermining EU solidarity and emboldening Russia’s influence in the global energy market.
FROM THE MEDIA: Germany, which has banned the direct import of Russian LNG into its ports, continues to receive substantial volumes of Russian gas indirectly via EU neighbors. A report by Belgian, German, and Ukrainian NGOs found that Germany’s national energy company, Sefe, purchased 58 cargoes of Russian LNG through the French port of Dunkirk in 2024—six times more than in 2023. These purchases account for 3–9.2% of Germany’s total gas supply. The challenge stems from the difficulty of tracking gas once it enters the EU’s internal energy market. Gas transported from Belgian ports, for example, is labeled as "Belgian gas" in German databases, even though Belgium has no domestic gas production. This lack of transparency, coupled with finger-pointing among member states, has resulted in inaction against Russian LNG. Efforts to address this issue have included calls by France and nine other EU countries to improve supplier transparency for LNG imports. However, experts warn that creating a detailed tracking system for gas deliveries across EU networks would be extremely burdensome and complex.
READ THE STORY: FT
Sweden Seizes Ship Suspected in Baltic Sea Cable Sabotage
Bottom Line Up Front (BLUF): Swedish authorities have seized the cargo ship Vezhen, suspected of damaging a Latvian communications cable in the Baltic Sea. This incident follows recent disruptions to undersea infrastructure in the region, prompting NATO allies to increase military presence and warn against threats to submarine cables. Investigations into the event, led by Sweden's Security Service (SÄPO), are ongoing.
Analyst Comments: The suspected sabotage of undersea cables in the Baltic Sea raises alarms about the security of critical infrastructure in geopolitically tense regions. The Vezhen seizure highlights the escalating risk to subsea communications systems, which are vital for data transmission across Europe. As tensions with Russia persist, these incidents underline NATO's focus on maritime security, demonstrated by its Baltic Sentry initiative. Future attacks—whether intentional or accidental—could disrupt global internet traffic, financial systems, and military communications, posing severe economic and national security risks for affected nations.
FROM THE MEDIA: Swedish authorities boarded the cargo ship Vezhen on Sunday after it was suspected of damaging a communications cable owned by the Latvian State Radio and Television Centre (LVRTC). The cable, connecting the Latvian city of Ventspils to Sweden’s Gotland island, lies within Sweden’s exclusive economic zone. The investigation, labeled as suspected “serious sabotage,” is being led by SÄPO, Sweden’s Security Service. Authorities, including the Coast Guard and Armed Forces, are collaborating on the case. Officials have not disclosed specific evidence linking the Vezhen to the cable damage, but it is one of three ships under investigation, according to the Latvian Navy. The incident follows heightened scrutiny over Baltic Sea infrastructure security after a Christmas Day event where another vessel dragged its anchor for nearly 100 kilometers, severing several cables. Finnish authorities have detained that ship, the Eagle S, suspecting intentional sabotage despite earlier reports suggesting accidental damage.
READ THE STORY: The Record
U.S. Cyber Diplomacy Bureau Stalled Amid Broad Foreign Aid Freeze
Bottom Line Up Front (BLUF): Following an executive order by President Trump, the U.S. State Department has frozen nearly all foreign assistance, including funding for the Bureau of Cyberspace and Digital Policy. This move halts critical cyber diplomacy initiatives that address global cyber threats and foster international tech partnerships. The bureau’s growing $90 million budget, once bolstered by the CHIPS Act and other initiatives, is now in limbo, raising concerns about the future of U.S.-led cybersecurity efforts.
Analyst Comments: This freeze comes at a critical moment for the U.S. in shaping global cyber norms and countering threats from adversarial nations like China, Russia, and North Korea. The Bureau of Cyberspace and Digital Policy was a vital tool in expanding U.S. influence through cyber incident response and technology partnerships. Halting these efforts risks undermining U.S. credibility, leaving a vacuum that adversarial nations may exploit. Without a strong cyber diplomacy strategy, the U.S. could fall behind in international efforts to establish leadership in cyberspace governance and emerging technology standards.
FROM THE MEDIA: The U.S. State Department, under Secretary of State Marco Rubio, has issued a directive halting nearly all foreign assistance, effectively pausing the operations of its cyber diplomacy bureau. The freeze follows President Trump’s executive order suspending new foreign aid obligations and disbursements for 90 days to evaluate their alignment with his foreign policy goals. Since its establishment in 2022, the Bureau of Cyberspace and Digital Policy has played a key role in advancing U.S. cybersecurity objectives worldwide. The bureau’s efforts included deploying cyber incident response teams, supporting subsea cable installations, and conducting workshops with global partners to counter threats like North Korean cyber activities. Its budget grew from $17 million to over $90 million, fueled by funding from the CHIPS and Science Act and the Digital Connectivity Fund. The freeze halts progress on these initiatives, with the bureau’s acting chief, Jennifer Bachus, leading operations in the absence of a new cyber ambassador. The decision has drawn criticism, with former cyber ambassador Nate Fick warning that the move could hinder U.S. efforts to build international partnerships and counter cyber adversaries effectively.
READ THE STORY: The Record
Nvidia Faces Market Jitters as DeepSeek Disrupts AI Landscape
Bottom Line Up Front (BLUF): DeepSeek’s latest AI model has sent shockwaves through the industry, wiping nearly $600 billion off Nvidia’s market value. The Chinese startup’s cost-efficient R1 model challenges assumptions about AI development expenses, sparking concerns over Nvidia’s long-term dominance. However, some analysts believe this disruption could actually bolster Nvidia’s chip demand, as lower AI costs drive broader adoption of the technology.
Analyst Comments: The sharp market reaction to DeepSeek highlights growing uncertainty in the AI arms race, with Nvidia’s dependence on AI investment under scrutiny. DeepSeek’s ability to achieve competitive results using lower-cost methods and non-CUDA software indicates a shift in development priorities toward efficiency over scale. While this poses risks to traditional scaling models, Nvidia’s position as the backbone of inference-based computing may benefit as demand for AI applications expands. For U.S. companies, the emergence of DeepSeek also signals a need for strategic recalibration, especially given its reliance on chips that skirt U.S. export restrictions.
FROM THE MEDIA: DeepSeek’s unveiling of its R1 model last week rattled markets, with Nvidia’s stock plunging 17% and the Philadelphia Semiconductor Index seeing its steepest drop since 2020. The R1 model, which rivals OpenAI’s o1 in performance, was reportedly trained using only 2,048 Nvidia GPUs, at a cost of $5.6 million. This contrasts sharply with the multi-billion-dollar investments made by Silicon Valley firms like OpenAI and Meta. Adding to investor anxiety, DeepSeek’s engineers achieved their breakthrough without relying on Nvidia’s proprietary CUDA software, a linchpin of Nvidia’s dominance in AI development. By circumventing CUDA, DeepSeek has challenged the notion that Nvidia’s ecosystem is indispensable for cutting-edge AI advancements. Despite the selloff, Nvidia argues that DeepSeek’s innovations will ultimately fuel demand for its chips, particularly for inference tasks required to process AI queries. Nvidia CEO Jensen Huang recently noted that inference demand “is about to go up by a billion times,” with AI systems like R1 requiring significant computational power during user interactions.
READ THE STORY: FT
Hackers Hijack Israeli Emergency Sirens and Claim Breach of National Security Ministry
Bottom Line Up Front (BLUF): A pro-Palestinian hacker group, Handala, breached Maagar-Tec's emergency systems in Israeli kindergartens, broadcasting sirens and Arabic songs across 20 institutions. The group also claims to have compromised Israel's National Security Ministry, stealing sensitive data. Authorities are investigating the incidents, which highlight Handala's ongoing cyber campaigns against Israeli targets.
Analyst Comments: This attack underscores the growing threat posed by hacktivist groups leveraging cybersecurity vulnerabilities for psychological and political impact. By targeting emergency systems in schools, Handala aims to spread fear among civilians and undermine trust in critical infrastructure. Their alleged breach of the National Security Ministry, if confirmed, would signal a significant escalation in cyber hostilities. These incidents align with broader trends of hacktivist groups—often with ties to state actors—conducting multi-pronged operations that blend digital disruption with data theft. The psychological element of these attacks amplifies their effect, creating public panic and straining government responses.
FROM THE MEDIA: Handala breached the emergency systems of Israeli kindergartens, activating panic buttons to play rocket sirens and Arabic songs. The systems, operated by Maagar-Tec, were quickly disconnected to limit the damage, according to the company. Approximately 20 educational institutions were affected by the breach, which was labeled an act of "terrorism" by Israel's cyber agency. In addition to disrupting emergency sirens, Handala claimed responsibility for sending mass text messages to Israeli citizens, intending to spread fear. The group allegedly accessed Maagar-Tec's database to launch the messaging campaign. The group further asserted it had breached Israel's National Security Ministry servers, exfiltrating four terabytes of sensitive data, including internal communications, video recordings, and personal records of police officers and firefighters. Israeli authorities have not yet confirmed this claim. Handala has a history of targeting Israeli entities, with alleged ties to Iranian interests. Previous attacks include phishing campaigns, wiper malware deployment, and attempts to disrupt Israel’s Iron Dome radar systems.
READ THE STORY: The Record
GitHub Desktop Vulnerability Exposes Credentials via Malicious URLs
Bottom Line Up Front (BLUF): Multiple vulnerabilities in GitHub Desktop and related Git tools, collectively dubbed "Clone2Leak," can allow attackers to steal user credentials through maliciously crafted remote URLs. These flaws exploit improper handling of control characters, enabling attackers to redirect credentials to unauthorized hosts. Users are advised to update to the latest versions of GitHub Desktop and other Git-related tools to mitigate the risk.
Analyst Comments: The Clone2Leak vulnerabilities highlight a critical issue with credential handling in widely used developer tools like GitHub Desktop and Git CLI. Attackers can exploit these flaws to intercept authentication tokens, gaining unauthorized access to private repositories or privileged resources. This is particularly concerning for organizations relying on GitHub Codespaces, where certain environment variables could exacerbate the impact of these attacks. Organizations must ensure immediate patching of affected tools and adopt secure practices, such as avoiding untrusted repositories and disabling the credential helper where possible.
FROM THE MEDIA: Security researchers have disclosed several vulnerabilities impacting GitHub Desktop and Git-related tools, including Git Credential Manager and Git LFS. Collectively called Clone2Leak, the flaws include CVE-2025-23040, CVE-2024-50338, CVE-2024-53263, and CVE-2024-53858, with severity scores ranging from 6.5 to 8.5. These vulnerabilities stem from improper handling of control characters like carriage returns in URLs, enabling attackers to redirect credentials to malicious hosts. For example, in GitHub Desktop, attackers can inject a maliciously crafted URL that tricks the tool into sending credentials for a different host to an attacker-controlled server. Similarly, vulnerabilities in Git Credential Manager and Git LFS allow credentials to be exposed through improperly validated URLs. The GitHub CLI is also impacted, particularly in GitHub Codespaces, where environment variables can leak access tokens to attacker-controlled hosts when cloning malicious repositories.
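The common thread in the Clone2Leak flaws is that a remote URL carrying a carriage return or similar control character reaches a credential helper unchecked. The following pre-clone guard is an added example written for this digest (not code from GitHub, Git, or the advisories): it rejects remotes containing control characters, whether raw or percent-encoded, and reports which host credentials would otherwise be requested for. The sample remotes are constructed, and the assumption that a helper may percent-decode the URL before use is a conservative one.

```python
"""Pre-clone guard for Git remote URLs (illustrative example, not project code).

Rejects remotes that carry C0 control characters or DEL, either raw or
percent-encoded, before the URL is handed to git or a credential helper.
Assumption (labelled): the helper being protected may percent-decode the URL,
so both the raw and decoded forms are inspected.
"""
import re
from urllib.parse import unquote, urlsplit

# C0 control characters plus DEL; CR (0x0d) and LF (0x0a) are the ones that
# matter for line-oriented credential helper protocols.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_ALLOWED_SCHEMES = {"https", "ssh", "git", "http"}


def find_control_chars(url: str) -> list[str]:
    """Return the distinct control characters present in url, checking both the
    raw string and its percent-decoded form."""
    found = set(_CONTROL.findall(url))
    found.update(_CONTROL.findall(unquote(url)))
    return sorted(found)


def check_remote_url(url: str) -> tuple[bool, str]:
    """Decide whether a remote URL is safe to hand to git / credential helpers.

    Returns (ok, reason). The reason for an accepted URL names the host that a
    credential request would be issued for, so an operator can eyeball it.
    """
    ctrl = find_control_chars(url)
    if ctrl:
        codes = ", ".join(f"0x{ord(c):02x}" for c in ctrl)
        return False, f"control characters in URL: {codes}"
    parts = urlsplit(url)
    if parts.scheme not in _ALLOWED_SCHEMES:
        return False, f"unexpected scheme {parts.scheme!r}"
    if not parts.hostname:
        return False, "no host in URL"
    return True, f"credentials would be requested for host {parts.hostname}"


# Constructed sample remotes; none of these are real repositories.
SAMPLE_REMOTES = [
    "https://github.com/example-org/example-repo.git",
    "https://github.com/example-org/example-repo.git%0dinjected-line",  # encoded CR
    "https://github.com/example-org/repo\ninjected-line",               # raw LF
    "file:///tmp/repo",
]


def audit(urls: list[str]) -> dict[str, tuple[bool, str]]:
    """Run check_remote_url over a list of remotes and map each to its verdict."""
    return {u: check_remote_url(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in audit(SAMPLE_REMOTES).items():
        print("ALLOW" if ok else "DENY ", repr(url), "-", reason)
```

Wire `check_remote_url` into a clone wrapper or a pre-flight hook so a denied URL never reaches the credential helper; patching the affected tools remains the primary fix.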
READ THE STORY: THN
Items of interest
DeepSeek Limits Registration Amid Large-Scale Malicious Attacks
Bottom Line Up Front (BLUF): Chinese AI startup DeepSeek, a rising competitor to OpenAI, has restricted new user signups following significant malicious attacks on its services. The disruption comes as DeepSeek's AI assistant surpasses ChatGPT on Apple's App Store, driven by the release of its open-source R1 reasoning model. These incidents highlight the intensifying AI arms race and cybersecurity challenges facing leading AI firms.
Analyst Comments: The attack on DeepSeek underscores the growing risks faced by emerging AI platforms amid the global race for dominance in large language models (LLMs). As a rival to OpenAI, DeepSeek’s rise threatens to disrupt the AI market, drawing potential adversaries eager to stymie its momentum. Cyberattacks on AI firms are not new—OpenAI reported phishing campaigns and breaches in 2023—but DeepSeek's open-source approach may present unique security vulnerabilities. The incident serves as a stark reminder that cybersecurity must remain a top priority for AI developers, especially as geopolitical rivalries influence technology development.
FROM THE MEDIA: DeepSeek, a Chinese AI startup challenging OpenAI, has announced temporary restrictions on new registrations due to “large-scale malicious attacks.” The company reported degraded performance on January 27, 2025, impacting its flagship AI assistant. While existing users remain unaffected, the attack coincides with heightened public interest after DeepSeek's assistant overtook ChatGPT in popularity on Apple's App Store. DeepSeek’s R1 reasoning model—designed to rival OpenAI’s offerings—has attracted global attention for its open-source availability, allowing developers to build on its platform. However, these attacks highlight the risks associated with high-profile AI technologies. Similar incidents have plagued OpenAI, including phishing campaigns by the China-based SweetSpecter group and a 2023 breach of internal systems. These attacks emphasize the need for robust security frameworks as AI companies become prime targets for cyber espionage and sabotage in the ongoing AI arms race.
READ THE STORY: The Record
Big Tech in panic mode... Did DeepSeek R1 just pop the AI bubble? (Video)
FROM THE MEDIA: Chip stocks like Nvidia are in trouble after the DeepSeek R1 AI model has proven that it is possible to train and run state-of-the-art reasoning models with minimal hardware. Let's find out why China's latest AI model has big tech and Wall Street in panic mode.
We need more information on the DeepSeek hack (Video)
FROM THE MEDIA: Ivan Tsarynny, Feroot Security CEO, joins CNBC's 'The Exchange' to discuss China's DeepSeek hack, whether using DeepSeek exposes users to data sharing, and more.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.