"Security Vulnerability in Browser Interface Allows Computer Access via Graphics Card"

Researchers from the Institute of Applied Information Processing and Communications at Graz University of Technology (TU Graz) successfully demonstrated three side-channel attacks on graphics cards via the WebGPU browser interface. According to the researchers, the attacks were fast enough to succeed during normal Internet surfing. Modern websites place ever-increasing demands on computing power. Therefore, web browsers have had access to the computing capacity of the Graphics Processing Unit (GPU) in addition to that of the Central Processing Unit (CPU).

Submitted by grigby1 CPVI on

"Web3 Game Developers Targeted in Crypto Theft Scheme"

A Russian threat actor is targeting game developers with fraudulent Web3 gaming projects that install multiple variants of infostealers on macOS and Windows devices. According to Recorded Future's Insikt Group, the campaign's ultimate goal appears to be to defraud victims and steal their cryptocurrency wallets. The campaign mimics legitimate projects by making small changes to project names and branding. Multiple fake social media accounts were even created to impersonate the projects.

Submitted by grigby1 CPVI on

"Two People Arrested in Australia and US for Development and Sale of Hive RAT"

Authorities in Australia and the US recently announced the arrest and indictment of two individuals for their roles in developing and selling the Hive remote access trojan (RAT). Initially developed and distributed under the name of Firebird, the malware was marketed as a remote access tool that could stay hidden and steal sensitive information from the targeted systems. The Australian man was charged with twelve counts of computer offenses and is scheduled to appear in court on May 7.

Submitted by Adam Ekwall on

"NSA Publishes Guidance for Strengthening AI System Security"

The National Security Agency (NSA) has published a Cybersecurity Information Sheet (CSI) titled "Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems." The CSI aims to help National Security System (NSS) owners and Defense Industrial Base (DIB) companies that will deploy and operate AI systems designed and developed by an external entity. The guidance is also applicable to anyone else bringing AI capabilities into a managed environment, particularly those in high-threat, high-value environments.

Submitted by grigby1 CPVI on

"Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw"

According to Binarly, there is an unpatched security flaw impacting the Lighttpd web server in Intel and Lenovo Baseboard Management Controllers (BMCs). Although the original flaw was discovered and patched by Lighttpd maintainers in August 2018 with version 1.4.51, the lack of a CVE identifier or advisory has caused it to be overlooked by AMI MegaRAC BMC developers. The flaw has made its way into products made by Intel and Lenovo.

Submitted by grigby1 CPVI on

"Defense Award Launches Purdue Project to Strengthen Cyber-Physical Systems"

Purdue University researchers have launched a multidisciplinary project to model, simulate, and analyze Cyber-Physical Systems (CPS), aiming to improve system robustness and make system analysis more scalable and effective. The Defense Advanced Research Projects Agency (DARPA) is sponsoring the multiphase $6.5 million project named "FIREFLY," through its FIRE (Faithful Integrated Reverse Engineering and Exploitation) program.

Submitted by grigby1 CPVI on

"Daixin Ransomware Gang Claims Attack on Omni Hotels"

The Daixin Team ransomware gang claimed responsibility for a recent cyberattack against Omni Hotels & Resorts, threatening to publish sensitive customer information if a ransom is not paid. A warning was issued in October 2022 about the Daixin Team cybercrime gang launching ransomware attacks against the US Healthcare and Public Health (HPH) sector. Since then, the group has been linked to a number of incidents involving the theft of Patient Health Information (PHI) and Personally Identifiable Information (PII).

Submitted by grigby1 CPVI on

"Data Breach Exposes 300k Taxi Passengers’ Information"

Cybersecurity researchers at vpnMentor have uncovered a significant data exposure concerning nearly 300,000 taxi passengers in the UK and Ireland. The researchers found a non-password-protected database containing personal details. These records, belonging to Dublin-based iCabbi, a dispatch and fleet management technology provider, were left vulnerable to potential exploitation. The researchers noted that the exposed database contained 22,745 records and .csv documents with customers’ names, emails, phone numbers, and user IDs.

Submitted by Adam Ekwall on

"New LockBit Variant Exploits Self-Spreading Features"

A recent incident in West Africa further highlights the ongoing threat posed by the LockBit ransomware. With stolen administrator credentials, cybercriminals have deployed a customized variant of the ransomware that can self-propagate. They compromised corporate infrastructure using privileged access, demonstrating the continued risk posed by the leaked LockBit 3.0 builder. The builder was leaked in 2022, but attackers, even those without advanced programming skills, continue to use it to create customized versions.

Submitted by grigby1 CPVI on

IEEE 26th International Workshop on Multimedia Signal Processing (MMSP)

"It is the 26th in the series, organized by the Multimedia Signal Processing Technical Committee of the IEEE Signal Processing Society (SPS), with the aim to bring together researchers and practitioners from academia and industry, passionate about multimedia signal processing, to share their knowledge, exchange ideas, explore future research directions and network."

Topics of interest include, but are not limited to, security.
