Hardware manufacturers have developed technologies in recent years that should enable organizations to process sensitive data securely using shared cloud computing resources. This approach, known as confidential computing, protects sensitive data while it is being processed by isolating it in a secure area impenetrable to other users and even the cloud provider. However, computer scientists at ETH Zurich have demonstrated that hackers can gain access to these systems and the data stored within them.

An analysis conducted by Helene Pleil, a research associate at the Digital Society Institute (DSI) at ESMT Berlin, and colleagues from Technical University Darmstadt, delves into the main challenges to effective cyber arms control, which is critical for foreign and security policy. These challenges include rapid technological progress, a lack of uniform definitions, the dual use of cyber tools, and more. They did a literature review on the challenges and obstacles to developing arms control measures in cyberspace.

Hackers are using Facebook ads and hijacked pages to promote fake Artificial Intelligence (AI) services and infect users with password-stealing malware. The impersonated AI services include MidJourney, ChatGPT-5, DALL-E, and more. The malvertising campaigns were created with hijacked Facebook profiles that impersonate popular AI services, claiming to provide a sneak preview of new features. Users deceived by the ads join fraudulent Facebook communities, where threat actors post news, AI-generated images, and other related information to make the pages appear legitimate.

The National Institute of Standards and Technology (NIST) has awarded cooperative agreements totaling about $3.6 million to build the workforce required to protect enterprises from cybersecurity threats. The grants will be distributed to 18 education and community organizations in 15 states working to address the nation's shortage of skilled cybersecurity employees. NICE, a NIST-led partnership of government, academia, and the private sector dedicated to cybersecurity education, training, and workforce development, will oversee the cooperative agreements.

Jackson County in Missouri recently reported significant disruptions within its IT systems caused by a ransomware attack.  The disturbances have led to the declaration of a state of emergency caused by operational inconsistencies across digital infrastructure, with specific systems rendered inoperative while others remained functional.  The county noted that impacted services include tax payments and online property, marriage licenses and inmate searches.

Wiz, a cloud security provider, discovered two critical architecture flaws in generative Artificial Intelligence (AI) models uploaded to Hugging Face, the leading AI model and application-sharing platform. Wiz Research described the two flaws and the potential risk they pose to AI-as-a-service providers. The risks include shared inference infrastructure takeover and shared Continuous Integration and Continuous Deployment (CI/CD) takeover. This article continues to discuss how attackers could exploit the AI infrastructure risks.

A new version of "JSOutProx" is targeting financial institutions in the Asia-Pacific (APAC) and Middle East and North Africa (MENA). Resecurity described JSOutProx as a sophisticated attack framework that uses both JavaScript and .NET. It uses the .NET (de)serialization feature to communicate with a core JavaScript module on the victim's machine. Once executed, the malware allows the framework to load different plugins, which perform additional malicious actions against the victim. This article continues to discuss findings regarding the evolving JSOutProx threat. 

Omni Hotels & Resorts has recently told customers that the recent disruptions have been caused by a cyberattack that forced it to shut down some systems.  The Texas-based Omni Hotels & Resorts runs 50 upscale hotels and resorts across North America, offering more than 23,000 rooms.  The company says it started responding to a cyberattack on March 29.  The company noted that it is currently working to determine the scope of the event, including the impact on any data or information maintained on Omni systems.

Cancer treatment and research center City of Hope recently started notifying over 800,000 individuals that their personal and health information was compromised in a data breach.  A National Cancer Institute (NCI)-designated comprehensive cancer center, City of Hope is based in Duarte, California, but has a network of clinical practice locations and offices throughout the US.  City of Hope noted that the data breach occurred between September 19 and October 12, 2023.

Carnegie Mellon University's (CMU) Software Engineering Institute (SEI) and OpenAI published a white paper titled "Considerations for Evaluating Large Language Models for Cybersecurity Tasks." The paper finds that Large Language Models (LLMs) could be useful for cybersecurity professionals. However, LLMs should be evaluated using real and complex scenarios to gain a better understanding of the technology's capabilities and risks. LLMs form the foundation of today's generative Artificial Intelligence (AI) platforms, including Google's Gemini, Microsoft's Bing AI, and OpenAI's ChatGPT.