Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

AI ‘blind spot’ could allow attackers to hijack self-driving vehicles

A newly discovered vulnerability could allow cybercriminals to silently hijack the artificial intelligence (AI) systems in self-driving cars, raising concerns about the security of autonomous systems increasingly used on public roads. Georgia Tech cybersecurity researchers discovered the vulnerability, dubbed VillainNet, and found it can remain dormant in a self-driving vehicle’s AI system until triggered by specific conditions. Once triggered, VillainNet is almost certain to succeed, giving attackers control of the targeted vehicle.

The research finds that attackers could program almost any action within a self-driving vehicle’s AI super network to trigger VillainNet. In one possible scenario, it could be triggered when a self-driving taxi’s AI responds to rainfall and changing road conditions. Once in control, hackers could hold the passengers hostage and threaten to crash the taxi.

The researchers discovered this new backdoor attack threat in the AI super networks that power autonomous driving systems.

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT).

“The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage PowerShell chain performs ETW and AMSI bypass before dropping a Lua-scripted shellcode loader, and the final implant communicates over HTTPS on port 443 using HTTP profiles that resemble legitimate web analytics traffic,” Elastic Security Labs said in a Friday report.

According to the enterprise search and cybersecurity company, MIMICRAT is a custom C++ RAT with support for Windows token impersonation, SOCKS5 tunneling, and a set of 22 commands for comprehensive post-exploitation capabilities. The campaign was discovered earlier this month.

FBI: Over $20 million stolen in surge of ATM malware attacks in 2025

The FBI warned that Americans lost more than $20 million last year amid a massive surge in ATM “jackpotting” attacks, in which criminals use malware to force cash machines to dispense money.

According to a Thursday FBI flash alert, more than 700 ATM jackpotting incidents were reported last year alone in a significant spike compared to the roughly 1,900 total incidents reported across the United States since 2020.

These attacks can be carried out in minutes and target the software layer controlling an ATM’s physical hardware, using malicious tools such as the Ploutus malware. Most often, they go undetected by financial institutions and ATM operators until the cash is already gone.

Japanese tech giant Advantest hit by ransomware attack

Advantest Corporation disclosed that its corporate network has been targeted in a ransomware attack that may have affected customer or employee data.

Preliminary investigation results revealed that an intruder gained access to certain parts of the company’s network on February 15.

Tokyo-based Advantest is a global leader in testing equipment for semiconductors, measuring instruments, digital consumer products, and wireless communications equipment.

PayPal discloses data breach that exposed user info for 6 months

PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year.

The incident affected the PayPal Working Capital (PPWC) loan app, which provides small businesses with quick access to financing.

PayPal discovered the breach on December 12, 2025, and determined that customers’ names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth had been exposed since July 1, 2025.

/* */