Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security – Page 3

Our machines will be smart enough and eventually we will through intelligence enhancement.

For over a century, Einstein’s theories have been the bedrock of modern physics, shaping our understanding of the universe and reality itself. But what if everything we thought we knew was just the surface of a much deeper truth? In February 2025, at Google’s high-security Quantum A-I Campus in Santa Barbara, a team of scientists gathered around their latest creation — a quantum processor named Willow. What happened next would leave even Neil deGrasse Tyson, one of the world’s most renowned astrophysicists, in tears. This is the story of how a cutting-edge quantum chip opened a door that many thought would remain forever closed, challenging our most fundamental beliefs about the nature of reality. This is a story you do not want to miss.

Read more | >

Whether it’s CRMs, project management tools, payment processors, or lead management tools — your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.

A new report, Understanding SaaS Security Risks: Why CASB Solutions Fail to Cover ‘Shadow’ SaaS and SaaS Governance, highlighting the pressing security challenges faced by enterprises using SaaS applications. The research underscores the growing inefficacy of traditional CASB solutions and introduces a revolutionary browser-based approach to SaaS security that ensures full visibility and real-time protection against threats.

Below, we bring the main highlights of the report. Read the full report here.

Read more | >

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor’s cloud platform.

The potential impact of the security problems has been assessed as severe because they could be used in attacks that could at least influence grid stability, and affect user privacy.

In a grimmer scenario, the vulnerabilities could be exploited to disrupt or damage power grids by creating an imbalance between power generation and demand.

Read more | >

Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser’s sandbox on Windows systems.

Tracked as CVE-2025–2857, this flaw is described as an “incorrect handle could lead to sandbox escapes” and was reported by Mozilla developer Andrew McCreight.

The vulnerability impacts the latest Firefox standard and extended support releases (ESR) designed for organizations that require extended support for mass deployments. Mozilla fixed the security flaw in Firefox 136.0.4 and Firefox ESR versions 115.21.1 and 128.8.1.

Read more | >

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Last week, a person named ‘rose87168’ claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.

The threat actor released multiple text files consisting of a database, LDAP data, and a list of 140,621 domains for companies and government agencies that were allegedly impacted by the breach. It should be noted that some of the company domains look like tests, and there are multiple domains per company.

Read more | >

Researchers from the University of Science and Technology of China (USTC) of the Chinese Academy of Sciences revealed that not all forms of quantum nonlocality guarantee intrinsic randomness. They demonstrated that violating two-input Bell inequalities is both necessary and sufficient for certifying randomness, but this equivalence breaks down in scenarios involving multiple inputs. The study is published in Physical Review Letters.

Quantum mechanics is inherently probabilistic, and this intrinsic has been leveraged for applications like random number generation. However, ensuring the security of these random numbers in real-world scenarios is challenging due to potential vulnerabilities in the devices used.

Bell nonlocality, where particles exhibit correlations that cannot be explained by classical physics, offers a way to certify randomness without trusting the devices. Previous studies have shown that violating Bell inequalities can certify randomness in simple two-input, two-output systems. However, the applicability of this principle to more complex, multiple-input, multiple-output (MIMO) systems has been unclear.

Read more | >

A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month.

Uncovered by Trend Micro staff researcher Aliakbar Zahravi, this security feature bypass (dubbed ‘MSC EvilTwin’ and now tracked as CVE-2025–26633) resides in how MSC files are handled on vulnerable devices.

Attackers can leverage the vulnerability to evade Windows file reputation protections and execute code because the user is not warned before loading unexpected MSC files on unpatched devices.

Read more | >