Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Interestingly, the original extension developer has published several other extensions under their name on the Chrome Web Store, and all of them have received a Featured badge. The developer also has an account on ExtensionHub, although no extensions are currently listed for sale. What’s more, the individual has attempted to sell domains like “AIInfraStack[.]com” for $2,500, stating the “strong keyword domain” is “relevant for [sic] rapidly growing AI ecosystem.”

“This is the extension supply chain problem in a nutshell,” Annex Security said. “A ‘Featured,’ reviewed, functional extension changes hands, and the new owner pushes a weaponized update to every existing user.”

The disclosure comes as Microsoft warned of the malicious Chromium‑based browser extensions that masquerade as legitimate AI assistant tools to harvest LLM chat histories and browsing data.

Decoding alzheimer’s: The role of EEG rhythms and aperiodic components in cognitive decline

[Alzheimer’s disease: AD] Zhang et al.: “Increased theta band power was statistically significant in AD patients, highlighting its critical role in AD pathology.”

Your browser extensions or network settings have blocked the security verification process required by www.sciencedirect.com. To resolve this, try the following steps:

Temporarily disable browser extensions:

Liquid-metal pupil helps an artificial eye adapt to sudden light changes

Computer vision technologies are artificial intelligence (AI)-powered systems that can capture, analyze, and interpret visual data captured from real-world environments. While these systems are now widely used, many of them perform poorly under some lighting conditions and when the light in captured scenes changes abruptly.

Researchers at University of North Carolina at Chapel Hill, Westlake University and other institutes have developed a new artificial eye that draws inspiration from the eyes of humans, cats and other animals. This artificial eye, introduced in a paper published in Science Robotics, could be used to advance the sensing capabilities of robots, advanced security systems and autonomous vehicles.

“Our project grew from a simple problem: traditional machine vision systems (like the cameras deployed in self-driving cars or robots) struggle with extreme light changes, such as changes from pitch black to bright sunlight,” Dr. Kun Liang, first author of the paper, told Tech Xplore.

Persistent Sex Disparities in Pre‐Hospital Delay Among Patients With STEMI Despite Overall Improvements: Findings From the Chinese Cardiovascular Association Chest Pain Center Registry

Despite overall improvements, women with STEMI in China still face longer pre-hospital delays than men, especially in rural areas. The gap is driven mostly by delayed EMS calls. Cardiology.

HealthEquity STEMI

This website uses a security service to protect against malicious bots. This page is displayed while the website verifies you are not a bot.

Progression Independent of Relapse Activity in Aquaporin-4-IgG–Positive NMOSDA Decade-Long Cohort Study

This study assessed the frequency of PIRA in a well-characterized cohort of patients with AQP4-IgG–positive NMOSD with over a decade of follow-up.

This website uses a security service to protect against malicious bots. This page is displayed while the website verifies you are not a bot.

Making mini-lightning in a block of plastic

Lightning formation and the conditions triggering it have long been shrouded in a cloud of mystery, but new research led by Penn State scientists is lifting the fog. Using mathematical calculations, the researchers have discovered that lightning-like discharge doesn’t require a storm cloud—it could be made inside everyday material on a lab bench. The study is published in the journal Physical Review Letters.

“We applied the same exact models that we use for lightning research but shrank down the scale to slightly larger than a deck of cards,” said Victor Pasko, professor of electrical engineering at Penn State and lead author on the paper. “We calculated that when supplied with a high-powered electron source, lightning can be triggered in everyday insulating materials like glass, acrylic and quartz.”

The team used detailed numerical simulations to show that lightning-like radiation bursts could form inside small solid blocks, under conditions achievable in the lab. The work, if proven experimentally, could have implications for more compact and potentially safer X-ray sources in doctors’ offices and security checkpoints, the researchers said. The primary benefit, however, would be to enable the study of a powerful natural phenomenon on a lab bench.

Google says 90 zero-days were exploited in attacks last year

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances.

The figure is a 15% increase compared to 2024, when 78 zero-days were exploited in the wild, but lower than the record 100 zero days tracked in 2023.

Zero-day vulnerabilities are security issues in software products that attackers exploit, usually before the vendor learns about them and develops a patch. They are highly valued by threat actors because they often enable initial access, remote code execution, or privilege escalation.

WordPress membership plugin bug exploited to create admin accounts

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites.

Developed by WPEverest, the plugin provides membership and user registration management features, including custom forms, payment integrations with PayPal and Stripe, bank transfers, and analytics.

The security vulnerability is tracked as CVE-2026–1492 and received a critical severity rating of 9.8. Because the plugin accepts a user-supplied role during membership registration, hackers can create administrator accounts without authentication.

/* */