Aggregator

2024全球AI大模型终极指南：详解GPT-4、华为盘古、DeepSeek等30+模型的技术差异、应用场景与中美竞争格局，附开发者选型建议与开源资源。

A vulnerability was found in Kunal Shivale Global Meta Keyword & Description Plugin up to 2.3 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-26550. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in nagarjunsonti My Login Logout Plugin up to 2.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-26547. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in shisuh Related Posts Line-up-Exactly by Milliard Plugin up to 0.0.22 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-26545. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in pa1 WP Html Page Sitemap Plugin up to 2.2 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-26549. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Pukhraj Suthar Simple Responsive Menu Plugin up to 2.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-26543. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in mkkmail Aparat Responsive Plugin up to 1.3 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-26558. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in badrHan Naver Syndication V2 Plugin up to 0.8.3 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-26552. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in sureshdsk Bootstrap collapse Plugin up to 1.0.4 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-26551. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Dan Rossiter Prezi Embedder Plugin up to 2.1 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-26538. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in petkivim Embed Google Map Plugin up to 3.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-26539. The attack may be launched remotely. There is no exploit available.

A China-based threat actor, tracked as Emperor Dragonfly and commonly associated with cybercriminal endeavors, has been observed using in a ransomware attack a toolset previously attributed to espionage actors. [...]

Palo Alto Networks introduced Cortex Cloud, the next version of Prisma Cloud, that natively brings together new releases of its cloud detection and response (CDR) and cloud native application protection platform (CNAPP) capabilities on the unified Cortex platform. The new solution equips security teams with significant innovations powered by AI and automation that go beyond traditional “peace time” approaches to cloud security and stop attacks in real-time. Unit 42 reports reveal that 80% of security … More →

The post Palo Alto Networks Cortex Cloud applies AI-driven insights to reduce risk and prevent threats appeared first on Help Net Security.

The open-source LLM known as DeepSeek has attracted much attention in recent weeks with the release of DeepSeek V3 and DeepSeek R1, and in this blog, The Tenable Security Response Team answers some of the frequently asked questions (FAQ) about it.

Background

The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding DeepSeek.

FAQ

What is DeepSeek?

DeepSeek typically refers to the large language model (LLM) produced by a Chinese company named DeepSeek, founded in 2023 by Liang Wenfeng.

What is a large language model?

A large language model, or LLM, is a machine-learning model that has been pre-trained on a large corpus of data, which enables it to respond to user inputs using natural, human-like responses.

Why is there so much interest in the DeepSeek LLM?

In January 2025, DeepSeek published two new LLMs: DeepSeek V3 and DeepSeek R1. The interest surrounding these models is two-fold: first, they are open-source, meaning anyone can download and run these LLMs on their local machines and, second, they were reportedly trained using less-powerful hardware, which was believed to be a breakthrough in this space as it revealed that such models could be developed at a lower cost.

What are the differences between DeepSeek V3 and DeepSeek R1?

DeepSeek V3 is an LLM that employs a technique called mixture-of-experts (MoE) which requires less compute power because it only loads the required “experts” to respond to a prompt. It also implements a new technique called multi-head latent attention (MLA), which significantly reduces the memory usage and performance during training and inference (the process of generating a response from user input).

In addition to MoE and MLA, DeepSeek R1 implements a multitoken prediction (MTP) architecture first introduced by Meta. Instead of just predicting the next word each time the model is executed, DeepSeek R1 predicts the next two tokens in parallel.

DeepSeek R1 is an advanced LLM that utilizes reasoning, which includes chain-of-thought (CoT), revealing to the end user how it responds to each prompt. According to DeepSeek, performance of its R1 model “rivals” OpenAI’s o1 model.

Example of DeepSeek’s chain-of-thought (CoT) reasoning model

What are the minimum requirements to run a DeepSeek model locally?

It depends. DeepSeek R1 has 671 billion parameters and requires multiple expensive high-end GPUs to run. There are distilled versions of the model starting at 1.5 billion parameters, going all the way up to 70 billion parameters. These distilled models are able to run on consumer-grade hardware. Here is the size on disk for each model:

DeepSeek R1 modelsSize on disk1.5b1.1 GB7b4.4 GB8b4.9 GB14b9.0 GB32b22 GB70b43 GB671b404 GB

Therefore, the lower the parameters, the less resources are required and the higher the parameters, the more resources are required.

The number of parameters also influences how the model will respond to prompts by the user. Most modern computers, including laptops that have 8 to 16 gigabytes of RAM, are capable of running distilled LLMs with 7 billion or 8 billion parameters.

What makes DeepSeek different from other LLMs?

Benchmark testing conducted by DeepSeek showed that its DeepSeek R1 model is on par with many of the existing models from OpenAI, Claude and Meta at the time of its release. Additionally, many of the companies in this space have not open-sourced their frontier LLMs, which gives DeepSeek a unique advantage.

Finally, its CoT approach is verbose, revealing more of the nuances involved in how LLMs respond to prompts compared to other reasoning models. The latest models from OpenAI (o3) and Google (Gemini 2.0 Flash Thinking) reveal additional reasoning to the end user, though in a less verbose fashion.

What is a frontier model?

A frontier model refers to the most advanced LLMs available that include complex reasoning and problem-solving capabilities. Currently, OpenAI’s o1 and o3 models along with DeepSeek R1 are the only frontier models available.

DeepSeek was created by a Chinese company. Is it safe to use?

It depends. Deploying the open-source version of DeepSeek on a system is likely safer to use versus DeepSeek’s website or mobile applications, since it doesn’t require a connection to the internet to function. However, there are genuine privacy and security concerns about using DeepSeek, specifically through its website and its mobile applications available on iOS and Android.

What are the concerns surrounding using DeepSeek’s website and mobile applications?

DeepSeek's data collection disclosure is outlined in its privacy policy, which specifies the types of data collected when using its website or mobile applications. It's important to note that data is stored on secure servers in the People's Republic of China, although the retention terms are unclear. Since DeepSeek operates in China, its terms of service are subject to Chinese law, meaning that consumer privacy protections, such as the EU’s GDPR and similar global regulations, do not apply. If you choose to download DeepSeek models and run them locally, you face a lower risk regarding data privacy.

Has DeepSeek been banned anywhere or is it being reviewed for a potential ban?

As of February 13, several countries have banned or are investigating DeepSeek for a potential ban, including Italy, Taiwan, South Korea and Australia, as well as several states in the U.S. have banned DeepSeek from government devices including Texas, New York, Virginia along with several entities of the U.S. federal government including the U.S. Department of Defense, U.S. Navy and the U.S. Congress. This list is likely to continue to grow in the coming weeks and months.

Is Tenable looking into safety and security concerns surrounding LLMs like DeepSeek?

Yes, Tenable Research is actively researching LLMs, including DeepSeek, and will be sharing more of our findings in future publications on the Tenable blog.

Get more information

• DeepSeek-R1: Incentivizing Reasoning Capability in LLMs via Reinforcement Learning

Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

A nation-state threat actor with ties to North Korea has been linked to an ongoing campaign targeting South Korean business, government, and cryptocurrency sectors. The attack campaign, dubbed DEEP#DRIVE by Securonix, has been attributed to a hacking group known as Kimsuky, which is also tracked under the names APT43, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, TA427, and Velvet