TL;DR: Hugging Face's AI platform has been infiltrated by around 100 malicious AI models, threatening user security. Google introduces Gemma, a new Large Language Model noted for its performance and unique features. WhatsApp secures a legal victory against NSO Group, demanding the handover of Pegasus spyware code. NIST releases an updated Cybersecurity Framework 2.0, broadening its applicability. Canon's EOS R5 Mark II sticks to a 45MP sensor but adds AI autofocus. "Tron: Ares" sets its 2025 premiere, while CACM becomes fully Open Access, and Google's role in the decline of RSS feeds is critically analyzed.

Artificial Intelligence

AI Under Threat: Malicious Models on Hugging Face : Hugging Face’s AI platform, a hub for AI research and collaboration, has been infiltrated by malicious AI models, with JFrog’s security team uncovering around 100 instances capable of executing code on users’ machines for backdoor access. Despite Hugging Face’s stringent security protocols, these models pose significant risks, highlighting the urgent need for enhanced vigilance and proactive measures in the AI community to prevent data breaches and espionage.

Exploring Gemma: Google’s New Open-Weight LLM and Its Unique Features : Sebastian Raschka introduces Gemma, Google’s latest addition to the open-source Large Language Model (LLM) landscape, in a comprehensive studio guide. Gemma stands out for its superior performance against counterparts like Llama 2 7B and Mistral, attributed to its large vocabulary and extensive training dataset. The guide delves into Gemma’s architecture, highlighting its large vocabulary size, multi-query attention mechanism, and unique use of GeGLU activations, distinguishing it from similar models. Furthermore, it examines the model’s normalisation practices and the introduction of RMSNorm layers, providing insights into its design decisions. Practical guidance on using and finetuning Gemma with LitGPT, including instruction finetuning with LoRA, is also provided, making it accessible for a wide range of applications from a single GPU setup. This studio not only showcases Gemma’s potential in replacing existing models in real-world applications but also enriches the open-source LLM collection, inviting further exploration and adaptation.


NIST Launches Enhanced Cybersecurity Framework 2.0 for All Organisations : NIST’s updated Cybersecurity Framework (CSF) 2.0 aims to be universally applicable, extending its guidance beyond critical infrastructure to include all sectors and organisation sizes. The first major update since 2014, CSF 2.0 introduces a comprehensive suite of resources tailored for diverse audiences, emphasising governance and supply chain security. With a new ‘Govern’ function added to the core framework, it seeks to integrate cybersecurity into the broader enterprise risk management perspective. The framework now includes quick-start guides, success stories, and a searchable catalogue of references, facilitating easier adoption and implementation across various organisational needs and cybersecurity maturity levels. NIST encourages community feedback to further refine CSF as a versatile and evolving tool for managing cybersecurity risk globally.

WhatsApp Wins Legal Battle Against NSO Group Over Pegasus Spyware : In a significant legal victory, WhatsApp has been granted a US court order requiring NSO Group to hand over the code for Pegasus and other spyware, marking a major milestone in litigation that has been ongoing since 2019. The court’s decision requires NSO to provide comprehensive details on the spyware used to target 1,400 users between 29 April 2018 and 10 May 2020, although it won’t compel NSO to reveal its client list or server architecture. This ruling underscores WhatsApp’s commitment to protecting users from unlawful surveillance, amid broader concerns about the misuse of spyware tools like Pegasus, which have been utilised globally to target dissidents, journalists, and activists. The Biden administration’s recent actions against such misuse, including visa restrictions, highlight the growing international stance against the proliferation of commercial spyware threatening national security and privacy.

Debunking the Myth of the Cybersecurity Platform : Richard Stiennon challenges the concept of a unified cybersecurity platform, arguing against the marketing hype of major vendors. He highlights the market’s clear disinterest in a one-vendor solution, citing historical reluctance stemming from past decisions like standardising on Windows NT. The article also connects recent tech stock market volatility, including a significant drop in Palo Alto Networks’ stock, to scepticism towards the “platform” strategy. Stiennon emphasises the necessity of adopting best-of-breed solutions for cybersecurity, critiquing the impracticality of a single-vendor platform and suggesting that diversification, rather than consolidation, is key to effective cybersecurity defence.


Canon EOS R5 Mark II Sticks to 45MP with New AI Edge : The Canon EOS R5 Mark II is anticipated to maintain its 45MP sensor, contrary to previous speculations of an upgrade to 60MP. This decision is unlikely to impact sales negatively. The camera will introduce novel AI autofocus capabilities, marking a first for Canon’s lineup. Speculation also touches on potential subscription-based features for camera bodies, though the success of such a model remains uncertain, given mixed results in other industries.


Tron: Ares Sets 2025 Premiere for Digital Realm Adventure : Disney is gearing up for the release of “Tron: Ares,” the third instalment in the Tron saga, with a planned premiere in 2025. The film promises to blend the iconic Tron aesthetics with modern visuals, teasing a look that aligns with popular games like Destiny or Fortnite. Directed by Joachim Rønning and featuring a star-studded cast including Jared Leto and Gillian Anderson, “Tron: Ares” explores the journey of a sophisticated program named Ares, marking humanity’s first encounter with AI beings in a narrative that bridges the digital and real worlds.

Everything Else

Domain Defence Evolution: GlobalBlock Shields Brand Names : Domain registrars introduce GlobalBlock, allowing businesses to protect their brand by blocking registration of domains closely resembling their trademarks. This new measure targets not only similar spellings but also deceptive homoglyphs, preventing potential phishing and scam attacks. While it offers a robust defence against brand impersonation, concerns about its impact on free speech and domain name availability highlight a complex balance between trademark protection and public interest.

CACM Unlocks Six Decades of Computing Knowledge with Open Access Initiative : Communications of the ACM (CACM), a cornerstone in the computing field, has announced a transformative step by becoming fully Open Access. This shift grants universal access to its extensive archive of research articles, technical reports, and more, dating back over sixty years. The move aligns with ACM’s broader strategy to transition to Open Access by January 2026, aiming for a sustainable financial model. Already, a significant portion of ACM’s publications are available under the ACM Open model, and plans are underway to make over 600,000 articles freely accessible. This initiative not only widens the reach and impact of CACM’s contributions but also invites broader engagement with the global computer science community, enhancing the visibility of authors’ work and supporting ACM’s mission as the premier professional organisation in computer science.

Google’s Role in the Decline of RSS Feeds: A Critical Analysis : The article examines Google’s significant impact on the reduced adoption of RSS feeds, detailing how the company’s strategies have hindered the usability and popularity of RSS. By adopting an “Embrace, Extend, and Extinguish” approach, Google initially integrated RSS into its products to build user trust, only to later remove these features, disregarding user reliance and the open web ethos. Examples include the removal of the RSS button from Chrome, acquisition and limitation of FeedBurner, shutdown of Google Reader, exclusion of RSS from Google Alerts, elimination and temporary reinstatement of its RSS browser extension, and discontinuation of RSS in Google News. These actions collectively contributed to many users abandoning RSS feeds, despite a brief moment of potential revival with an announced RSS support update in Chrome that has yet to materialise. The narrative portrays Google’s fluctuating commitment to RSS as a significant factor undermining the technology’s adoption and underscores the importance of maintaining RSS features to support the open web.

Thank you for joining me in this week’s exploration of the tech universe. Amidst the endless stream of information, I strive to bring you news that is not only relevant but also thought-provoking. Your thoughts and feedback are always welcome. Don’t forget to spread the word about the Friday Tech Focus Newsletter and stay tuned for more curated insights next week!