Security – Lifeboat News: The Blog

Mar 24
2026

Superconducting chip generates tunable terahertz waves for compact imaging

A tiny crystal chip which uses terahertz radiation to see clearly through a wide range of materials could find applications in health care, biological research, and security screening. Researchers from Scotland and Japan have developed a lightweight superconducting chip, which they say could unlock the full potential of terahertz imaging technologies and lead to the development of more powerful and portable devices.

The team’s paper, titled “Terahertz Imaging System with On-Chip Superconducting Josephson Plasma Emitters for Nondestructive Testing,” is published in IEEE Transactions on Applied Superconductivity.

Terahertz radiation lies between the microwave and infrared frequencies of the electromagnetic spectrum. It passes easily and harmlessly through a wide range of materials, and can be used to identify the characteristic “fingerprint” of molecules and biological materials as it does so, allowing them to be detected and analyzed.

Mar 24
2026

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

Mar 20
2026

New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores

A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover.

There are no signs of the issue being actively exploited in the wild, but eCommerce security company Sansec warns that “the exploit method is circulating already” and expects automated attacks to start soon.

Adobe has released a fix, but it is only available in the second alpha release for version 2.4.9, leaving production versions vulnerable. Sansec says that Adobe offers a “sample web server configuration that would largely limit the fallout,” but most stores rely on a setup from their hosting provider.

Mar 19
2026

A Spanish startup founded in April 2025 validates in record time an AI-powered perimeter surveillance system with sensor fusion

Spanish startup Sentitech tests an AI double-dome security system that tracks threats up to 3 kilometers in real air traffic.

Mar 19
2026

New “Darksword” iOS exploit used in infostealer attack on iPhones

A new exploit kit for iOS devices and delivery framework dubbed “DarkSword” has been used to steal a wide range of personal information, including data from cryptocurrency wallet apps.

DarkSword targets iPhones running iOS 18.4 through 18.7 and is linked to multiple actors, including UNC6353, suspected to be Russian, who used the Coruna exploit chain disclosed earlier this month.

Researchers at mobile security company Lookout discovered DarkSword while investigating the infrastructure used for the Coruna attacks. Google’s Threat Intelligence Group and iVerify also collaborated for a more comprehensive analysis of this previously unknown threat and the adversaries leveraging it.

Mar 18
2026

Apple pushes first Background Security Improvements update to fix WebKit flaw

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026–20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.

The CVE-2026–20643 flaw allows malicious web content to bypass the browser’s Same Origin Policy.

Apple says the flaw is a cross-origin issue in the Navigation API that was addressed with improved input validation.

Mar 17
2026

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

To establish persistence, the LNK files are copied to the Windows Startup folder so that they are automatically launched following a system reboot. The attack chain then displays a URL containing lures related to installing Starlink or a Ukrainian charity named Come Back Alive Foundation.

The HTML file is eventually executed via the Microsoft Edge browser in headless mode, which then loads the remote obfuscated script hosted on Pastefy.

The browser is executed with additional parameters like –no-sandbox, –disable-web-security, –allow-file-access-from-files, –use-fake-ui-for-media-stream, –auto-select-screen-capture-source=true, and –disable-user-media-security, granting it access to the local file system, as well as camera, microphone, and screen capture without requiring any user interaction.

Mar 14
2026

Microsoft: Windows 11 users can’t access C: drive on some Samsung PCs

Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are unable to launch applications.

The company says it is working with Samsung to determine whether the problem is related to the Windows updates or Samsung software installed on affected devices.

“Users might encounter the error, ‘C:\ is not accessible – Access denied’, which prevents access to files and blocks the launch of some applications including Outlook, Office apps, web browsers, system utilities and Quick Assist,” explains Microsoft.

Mar 13
2026

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple backports CVE-2023–43010 WebKit fix after Coruna exploit kit abused iOS flaws, protecting older iPhones and iPads from memory corruption attacks

Mar 12
2026

Rates of Unbalanced Chromosome Rearrangements Associated with Pericentric and Paracentric Inversions: Analysis of Molecular Chromosome Results in Embryo Samples

PGT-SR reveals that even small pericentric and paracentric inversions carry a small but measurable reproductive risk, challenging assumptions of minimal impact in IVF outcomes.

This website uses a security service to protect against malicious bots. This page is displayed while the website verifies you are not a bot.