Friday Links 28: The Latest in JavaScript (Sep 19, 2025)
Briefly

"Chinese AI firm DeepSeek revealed it spent only $294,000 training its R1 model, far below the hundreds of millions claimed by U.S. rivals. Using 512 Nvidia H800 accelerators, the company trained R1 in just 80 hours. The release of R1 earlier this year rattled tech markets, even denting Nvidia's valuation. DeepSeek also acknowledged limited use of A100s and defended model distillation, stressing it makes AI more accessible despite U.S. accusations of copying OpenAI's work."
"Security researchers uncovered Villager, an AI-driven pentesting framework published on PyPI and linked to the Chinese group Cyberspike. Marketed as a successor to Cobalt Strike, it integrates Kali Linux, 4,200+ AI prompts, and tools like Mimikatz and AsyncRAT. While it can support legitimate penetration testing, its automation makes it equally useful for large-scale cyberattacks. Experts warn that Villager highlights how quickly attackers are adopting AI to streamline exploitation and stealth."
A major supply-chain attack dubbed Shai-Hulud compromised @ctrl/tinycolor and more than 40 npm packages. Malicious code exfiltrated cloud credentials and GitHub tokens. Developers are advised to remove affected versions, rotate secrets, and audit CI/CD pipelines. Chinese AI firm DeepSeek reported spending only $294,000 to train its R1 model on 512 Nvidia H800 accelerators in 80 hours, acknowledging limited use of A100s and defending model distillation. Security researchers found Villager, an AI-driven pentesting framework on PyPI linked to Cyberspike, which bundles Kali Linux, 4,200+ prompts, Mimikatz and AsyncRAT. The automation in Villager increases the risk of large-scale, AI-assisted cyberattacks. A list of developer resources and guides for JavaScript and AI workflows is provided.
Read at jsdevspace.substack.com