Dario Amodei — “We are near the end of the exponential”

Predicts significant advancements in AI capabilities within the next decade, which will have a profound impact on society, economy, and individuals, and emphasizes the need for careful governance, equitable distribution of benefits, and responsible development to mitigate risks and maximize benefits.

Questions to inspire discussion.

AI Scaling and Progress.

Q: What are the key factors driving AI progress according to the scaling hypothesis?

A: Compute, data quantity and quality, training duration, and objective functions that can scale massively drive AI progress, per Dario Amodei’s “Big Blob of Compute Hypothesis” from 2017.

Q: Why do AI models trained on broad data distributions perform better?

A: Models like GPT-2 generalize better when trained on a wide variety of internet text rather than narrow datasets like fanfiction, leading to superior performance on diverse tasks.

CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.

Microsoft Configuration Manager (also known as ConfigMgr and formerly System Center Configuration Manager, or SCCM) is an IT administration tool for managing large groups of Windows servers and workstations.

Tracked as CVE-2024-43468 and reported by offensive security company Synacktiv, this SQL injection vulnerability allows remote attackers with no privileges to gain code execution and run arbitrary commands with the highest level of privileges on the server and/or the underlying Microsoft Configuration Manager site database.

12 Emerging Innovative Technology Areas for Government Prioritization

By Chuck Brooks, president of Brooks Consulting International

The future of innovation in both government and industry will not be distinguished by singular breakthroughs, but rather by the convergence and meshing of a number of different new technologies. Going forward, industries, national security, economic competitiveness, privacy and almost every aspect of everyday life will all be reshaped as a result of this integrated ecosystem, which encompasses artificial intelligence, quantum computing, improved connectivity, space systems and other areas.

Twelve crucial technical domains will help propel the federal government toward this convergent transformation.

Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities

Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LNK shortcut files that allow attackers to deploy malicious payloads.

Beukema documented four previously unknown techniques for manipulating Windows LNK shortcut files to hide malicious targets from users inspecting file properties.

LNK shortcuts were introduced with Windows 95 and use a complex binary format that allows attackers to create deceptive files that appear legitimate in Windows Explorer’s properties dialog but execute entirely different programs when opened.

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.

Some of the extensions are still present in the Chrome Web Store and have been installed by tens of thousands of users, while others show a small install count.

Researchers at browser security platform LayerX discovered the malicious extension campaign and named it AiFrame. They found that all analyzed extensions are part of the same malicious effort as they communicate with infrastructure under a single domain, tapnetic[.]pro.

Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks

Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals.

Tracked as CVE-2026-20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.

Apple’s security bulletin warns that an attacker with memory write capability may be able to execute arbitrary code on affected devices.

WordPress plugin with 900k installs vulnerable to critical RCE flaw

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.

The security issue is tracked as CVE-2026-1357 and received a severity score of 9.8. It impacts all versions of the plugin up to 0.9.123 and could lead to a complete website takeover.

Despite the severity of the issue, researchers at WordPress security company Defiant say that only sites with the non-default “receive backup from another site” option enabled are critically impacted.
