
New ‘HTTP/2 Bomb’ DoS attack crashes web servers in under a minute

A new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds.

The technique works on default HTTP/2 configurations of major web servers, including NGINX, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora.

Discovered by OpenAI’s Codex software agent under the guidance of researchers at offensive security firm Calif, HTTP/2 Bomb combines two previously known HTTP/2 DoS methods: HPACK compression amplification and Slowloris-style resource retention via HTTP/2 flow-control stalling.

Acer working to patch max severity zero-days in Wave 7 routers

Acer confirmed that it’s working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers.

According to a Friday security advisory, the two security flaws were reported by security researcher Gergo Pap and affect Wave 7 routers running firmware version T7c_GBL_1.01.000055 or earlier.

The first zero-day, a broken access control vulnerability tracked as CVE-2026-49200, can allow unauthenticated attackers to remotely access plaintext credentials stored in log archives.

Google adds Android protection against AI deepfake scam calls

Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts.

Called “fake call detection,” the feature is rolling out globally this month to Android 12 and later devices, starting with Pixel devices, and will be enabled by default.

Once activated, it works automatically when both a caller and recipient are using Phone by Google: when a contact places a call, their device sends a silent, encrypted confirmation signal to the recipient’s device in real time.

Instagram users locked out after Meta AI abused to steal accounts

Multiple Instagram users had their accounts hijacked after attackers convinced Meta’s AI-powered support tools that they were the legitimate owners.

In many cases, impacted users are unable to recover access due to the platform’s use of automated assistance that involves only AI/chatbot loops and no human support agents.

On Monday, multiple holders of rare and high-value accounts reported suddenly losing access to their accounts, claiming that their identities had been verified via facial scans and that they had enabled safeguards such as two-factor authentication (2FA).

Critical Kirki flaw exploited to hijack WordPress admin accounts

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.

The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours.

The full name of the plugin is Kirki — Freeform Page Builder, Website Builder & Customizer. It is a freeform visual builder and advanced theme customizer active on more than 500,000 websites.

AI and ultralow-energy lasers enable an ultrafast authentication system

The security of modern communications heavily relies on systems that can rapidly and reliably verify users and the devices they are using. This process, known as authentication, essentially entails confirming that users or devices are legitimate (i.e., who or what they claim to be).

Conventional authentication systems rely on static cryptographic keys, fixed digital keys that allow encryption algorithms to scramble readable data into unreadable text or vice versa. While these systems perform well in some contexts, they often struggle when networks include billions of devices that continuously connect and disconnect.

Researchers at King Abdullah University of Science and Technology (KAUST) recently developed a new system that could authenticate devices faster and more reliably in real time, even when they are connecting to large-scale networks, cloud services or virtual environments.

Quantum computing could transform energy grid optimization and security

Modern power systems are rapidly evolving into highly digitized smart grids, increasing their complexity at an unprecedented pace. Renewables, batteries, electric vehicles, power electronics, sensors and real-time control systems are all expanding rapidly, and this is making electricity grids significantly harder to simulate, optimize, secure and operate.

This is driven by the increasing energy demands of a tech-driven modern world. Think of a suburban street in 2005—every house pulled electricity from the grid, and power flowed in one direction from big power stations.

This same street in 2026 might have houses with rooftop solar exporting power back into the grid; electric vehicles (EVs) that need to charge overnight; home batteries storing solar energy and feeding it back into the grid when prices spike; electric buses, electric irrigation pumps, automated machinery and smart appliances that turn on and off based on grid signals.
