Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

The Quantum Security Problem No One Is Ready For

Quantum computers are expected to deliver dramatic gains in processing speed and capability, with the potential to reshape fields ranging from scientific research to commercial innovation.

However, those same advantages could also make these machines attractive targets for cyberattacks, according to Swaroop Ghosh, a professor of computer science and electrical engineering at the Penn State School of Electrical Engineering and Computer Science.

Ghosh and co-author Suryansh Upadhyay, who recently earned his doctorate in electrical engineering from Penn State, examined these concerns in a new research paper that outlines key security weaknesses in current quantum computing systems. Published in the Proceedings of the Institute of Electrical and Electronics Engineers (IEEE), the study argues that protecting quantum computers will require more than software safeguards, emphasizing the importance of securing the underlying hardware as well.

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.

“Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe (which they often rename) to execute their code,” Trellix said in a report shared with The Hacker News. “This DLL side-loading technique allows the malware to bypass traditional signature-based security defenses.”

The campaign has been observed distributing a wide assortment of malware, such as Agent Tesla, CryptBot, Formbook, Lumma Stealer, Vidar Stealer, Remcos RAT, Quasar RAT, DCRat, and XWorm.

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access.

“The infection chain follows a tightly orchestrated execution path: an obfuscated VBS launcher executed via wscript.exe invokes a PowerShell downloader, which retrieves fragmented, text-based payloads from a remote host,” Securonix researchers Akshay Gaikwad, Shikha Sangwan, and Aaron Beardslee said in a technical report shared with The Hacker News.

“These fragments are reconstructed into encoded loaders, decoded in memory by a. NET Reactor–protected assembly, and used to fetch and apply a remote Remcos configuration. The final stage leverages MSBuild.exe as a living-off-the-land binary (LOLBin) to complete execution, after which the Remcos RAT backdoor is fully deployed and takes control of the compromised system.”

Malicious Chrome Extension Steals MEXC API Keys by Masquerading as Trading Tool

Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys associated with MEXC, a centralized cryptocurrency exchange (CEX) available in over 170 countries, while masquerading as a tool to automate trading on the platform.

The extension, named MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh), has 29 downloads and is still available on the Chrome Web Store as of writing. It was first published on September 1, 2025, by a developer named “jorjortan142.”

“The extension programmatically creates new MEXC API keys, enables withdrawal permissions, hides that permission in the user interface (UI), and exfiltrates the resulting API key and secret to a hardcoded Telegram bot controlled by the threat actor,” Socket security researcher Kirill Boychenko said in an analysis.

New VoidLink malware framework targets Linux cloud servers

A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures.

VoidLink is written in Zig, Go, and C, and its code shows signs of a project under active development, with extensive documentation, and likely intended for commercial purposes.

Malware analysts at cybersecurity company Check Point say that VoidLink can determine if it runs inside Kubernetes or Docker environments and adjust its behavior accordingly.

Elon Musk Gets Huge New Partnership

Questions to inspire discussion.

🤖 Q: How will the US military become an AI-first warfighting force?

A: The Department of War will implement continuous experimentation, conduct quarterly force-on-force combat labs, and deploy AI coordinated swarms across all domains from Pentagon back offices to tactical front lines, building on the military AI lead established during President Trump’s first term.

🎯 Q: What defines responsible AI for military applications?

A: The Department of War defines responsible AI as objectively truthful and mission-relevant capabilities employed securely within laws governing military activities, focusing on factually accurate models without ideological constraints limiting lawful military applications.

Talent Acquisition and Workforce.

Continue reading “Elon Musk Gets Huge New Partnership” | >
/* */