Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security – Page 2

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

The networking equipment major said it became aware of the intrusion campaign on December 10, 2025, and that it has singled out a “limited subset of appliances” with certain ports open to the internet. It’s currently not known how many customers are affected.

“This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance,” Cisco said in an advisory. “The ongoing investigation has revealed evidence of a persistence mechanism planted by the threat actors to maintain a degree of control over compromised appliances.”

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing.

This type of attack does not require any authentication, as the victim is tricked into linking the attacker’s browser to a WhatsApp device.

By doing so, threat actors gain access to the full conversation history and shared media, and may leverage information to impersonate users or commit fraud.

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges.

According to SonicWall, this medium-severity local privilege escalation security flaw (CVE-2025–40602) was reported by Clément Lecigne and Zander Work of the Google Threat Intelligence Group, and doesn’t affect SSL-VPN running on SonicWall firewalls.

“SonicWall PSIRT strongly advises users of the SMA1000 product to upgrade to the latest hotfix release version to address the vulnerability,” the company said in a Wednesday advisory.

Texas sues TV makers for taking screenshots of what people watch

The Texas Attorney General sued five major television manufacturers, accusing them of illegally collecting their users’ data by secretly recording what they watch using Automated Content Recognition (ACR) technology.

The lawsuits target Sony, Samsung, LG, and China-based companies Hisense and TCL Technology Group Corporation. Attorney General Ken Paxton’s office also highlighted “serious concerns” about the two Chinese companies being required to follow China’s National Security Law, which could give the Chinese government access to U.S. consumers’ data.

According to complaints filed this Monday in Texas state courts, the TV makers can allegedly use ACR technology to capture screenshots of television displays every 500 milliseconds, monitor the users’ viewing activity in real time, and send this information back to the companies’ servers without the users’ knowledge or consent.

Microsoft: Recent Windows updates break VPN access for WSL users

Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux.

This known issue affects users who installed the KB5067036 October 2025 non-security update, released October 28th, or any subsequent updates, including the KB5072033 cumulative update released during this month’s Patch Tuesday.

On impacted systems, users are experiencing connectivity issues with some third-party VPN applications when mirrored mode networking is enabled, preventing access to corporate resources.

Scientists Discover How To “Purify” Light, Paving the Way for Faster, More Secure Quantum Technology

University of Iowa scientists have identified a new way to “purify” photons, a development that could improve both the efficiency and security of optical quantum technologies.

The team focused on two persistent problems that stand in the way of producing a reliable stream of single photons, which are essential for photonic quantum computers and secure communication systems. The first issue, known as laser scatter, arises when a laser is aimed at an atom to trigger the release of a photon, the basic unit of light. Although this method successfully generates photons, it can also produce extra, unwanted ones. These additional photons reduce the efficiency of the optical system, similar to how stray electrical currents interfere with electronic circuits.

A second complication comes from the way atoms occasionally respond to laser light. In uncommon cases, an atom releases more than one photon at the same time. When this happens, the precision of the optical circuit suffers because the extra photons disrupt the intended orderly flow of single photons.

SoundCloud confirms breach after member data stolen, VPN access disrupted

Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database exposing users’ email addresses and profile information.

The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting via VPN, with attempts resulting in the site displaying 403 “forbidden” errors.

In a statement shared with BleepingComputer, SoundCloud said it recently detected unauthorized activity involving an ancillary service dashboard and activated its incident response procedures.

New Windows RasMan zero-day flaw gets free, unofficial patches

Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service.

RasMan is a critical Windows system service that starts automatically, runs in the background with SYSTEM-level privileges, and manages VPN, Point-to-Point Protocol over Ethernet (PPoE), and other remote network connections.

ACROS Security (which manages the 0patch micropatching platform) discovered a new denial-of-service (DoS) flaw while looking into CVE-2025–59230, a Windows RasMan privilege escalation vulnerability exploited in attacks that was patched in October.

/* */