Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security – Page 8

Sophisticated sensors offer precision measurement for fusion research

Nuclear fusion is a source of great hope for future energy security, with this field being explored in research reactors around the world. Accurately detecting their performance requires measurement systems that supply valid data even under extreme conditions. And the centerpiece of those systems are the bolometers from the Fraunhofer Institute for Microengineering and Microsystems IMM. Experts from the institute will be presenting their sophisticated sensors at the joint Fraunhofer booth (Hall 2, Booth B24) at this year’s Hannover Messe trade show from March 31 to April 4.

Fusion technology could be the solution to the increasing energy needs of the growing global population, but it is a highly demanding technology. The current challenge is to carry out experiments that produce more energy than they consume. To accurately capture advances in this field, specialists need exceptionally sensitive measuring instruments to analyze and control the complex processes taking place inside the reactors. Determining how much power is emitted from the fusion plasma is crucial to this.

Hackers abuse WordPress MU-Plugins to hide malicious code

Hackers are utilizing the WordPress mu-plugins (“Must-Use Plugins”) directory to stealthily run malicious code on every page while evading detection.

The technique was first observed by security researchers at Sucuri in February 2025, but adoption rates are on the rise, with threat actors now utilizing the folder to run three distinct types of malicious code.

“The fact that we’ve seen so many infections inside mu-plugins suggests that attackers are actively targeting this directory as a persistent foothold,” explains Sucuri’s security analyst Puja Srivastava.

New Ubuntu Linux security bypasses require manual mitigations

Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could be enable a local attacker to exploit vulnerabilities in kernel components.

The issues allow local unprivileged users to create user namespaces with full administrative capabilities and impact Ubuntu versions 23.10, where unprivileged user namespaces restrictions are enabled, and 24.04 which has them active by default.

Linux user namespaces allow users to act as root inside an isolated sandbox (namespace) without having the same privileges on the host.

Microsoft’s killing script used to avoid Microsoft Account in Windows 11

Microsoft has removed the ‘BypassNRO.cmd’ script from Windows 11 preview builds, which allowed users to bypass the requirement to use a Microsoft Account when installing the operating system.

This change was introduced in the latest Windows 11 Insider Dev preview build, which means it will likely be coming to production builds.

“We’re removing the bypassnro.cmd script from the build to enhance security and user experience of Windows 11,” reads the Windows 11 Insider Preview Build 26200.5516 release notes.

Web3 Is The Home For Autonomous Consumer AI Agents

AI agents need two things to succeed in this space: infinite scalability and the ability to connect agents from different blockchains. Without the former, agents do not have infrastructure with sufficient capacity to transact. Without the latter, agents would be off on their own island blockchains, unable to truly connect with each other. As agent actions become more complex on chain, more of their data will also have to live on the ledger, making optimizing for both of these factors important right now.

Because of all of this, I believe the next frontier of AI agents on blockchains is in gaming, where their training in immersive worlds will inevitably lead to more agentic behavior crossing over to non-gaming consumer spaces.

If the future of autonomous consumer AI agents sounds scary, it is because we have not yet had a way to independently verify LLM training models or the actions of AI agents so far. Blockchain provides the necessary transparency and transaction security so that this inevitable phenomenon can operate on safer rails. I believe the final home for these AI agents will be Web3.

Neil deGrasse Tyson Breaks in Tears “Google Quantum Chip Just Proved Einstein’s Theory WRONG”

Our machines will be smart enough and eventually we will through intelligence enhancement.

For over a century, Einstein’s theories have been the bedrock of modern physics, shaping our understanding of the universe and reality itself. But what if everything we thought we knew was just the surface of a much deeper truth? In February 2025, at Google’s high-security Quantum A-I Campus in Santa Barbara, a team of scientists gathered around their latest creation — a quantum processor named Willow. What happened next would leave even Neil deGrasse Tyson, one of the world’s most renowned astrophysicists, in tears. This is the story of how a cutting-edge quantum chip opened a door that many thought would remain forever closed, challenging our most fundamental beliefs about the nature of reality. This is a story you do not want to miss.

New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It

Whether it’s CRMs, project management tools, payment processors, or lead management tools — your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.

A new report, Understanding SaaS Security Risks: Why CASB Solutions Fail to Cover ‘Shadow’ SaaS and SaaS Governance, highlighting the pressing security challenges faced by enterprises using SaaS applications. The research underscores the growing inefficacy of traditional CASB solutions and introduces a revolutionary browser-based approach to SaaS security that ensures full visibility and real-time protection against threats.

Below, we bring the main highlights of the report. Read the full report here.

Dozens of solar inverter flaws could be exploited to attack power grids

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor’s cloud platform.

The potential impact of the security problems has been assessed as severe because they could be used in attacks that could at least influence grid stability, and affect user privacy.

In a grimmer scenario, the vulnerabilities could be exploited to disrupt or damage power grids by creating an imbalance between power generation and demand.

Mozilla warns Windows users of critical Firefox sandbox escape flaw

Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser’s sandbox on Windows systems.

Tracked as CVE-2025–2857, this flaw is described as an “incorrect handle could lead to sandbox escapes” and was reported by Mozilla developer Andrew McCreight.

The vulnerability impacts the latest Firefox standard and extended support releases (ESR) designed for organizations that require extended support for mass deployments. Mozilla fixed the security flaw in Firefox 136.0.4 and Firefox ESR versions 115.21.1 and 128.8.1.

Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Last week, a person named ‘rose87168’ claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.

The threat actor released multiple text files consisting of a database, LDAP data, and a list of 140,621 domains for companies and government agencies that were allegedly impacted by the breach. It should be noted that some of the company domains look like tests, and there are multiple domains per company.