THE DAILY BRIEF

DeepSeek is raising outside capital for the first time, targeting at least $300 million at a $10 billion valuation to compete in the expensive AI model race. The Chinese startup is building its financial firepower to challenge incumbents.

► China's AI competition is moving from state-backed labs to well-capitalized startups that can scale globally without direct government subsidy.

A critical remote code execution vulnerability in protobuf.js, Google's widely-used Protocol Buffers library for JavaScript, now has public exploit code available. Immediate patching is required across dependent applications.

► This affects the entire JavaScript ecosystem and demonstrates how serialization libraries—trusted dependencies far down the chain—can become single points of catastrophic failure.

Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities to gain SYSTEM or elevated administrator permissions. Attacks are already underway in the wild.

► The compressed window between disclosure and weaponization is shrinking, making patch velocity more critical than ever for enterprise security teams.

Google's Threat Intelligence Group detected and stopped a mass exploitation campaign using a zero-day vulnerability that was developed with AI assistance. Proactive detection prevented widespread compromise.

► AI-assisted vulnerability discovery is now in attackers' hands, but detection systems are catching these threats faster than human-only research could.