Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security

New LandFall spyware exploited Samsung zero-day via WhatsApp messages

A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp.

The security issue was patched this year in April, but researchers found evidence that the LandFall operation was active since at least July 2024, and targeted select Samsung Galaxy users in the Middle East.

Identified as CVE-2025–21042, the zero-day is an out-of-bounds write in libimagecodec.quram.so and has a critical severity rating. A remote attacker successfully exploiting it can execute arbitrary code on a target device.

Common Sweetener Could Damage Critical Brain Barrier, Risking Stroke

Found in everything from protein bars to energy drinks, erythritol has long been considered a safe alternative to sugar.

But research suggests this widely used sweetener may be quietly undermining one of the body’s most crucial protective barriers – with potentially serious consequences for heart health and stroke risk.

A study from the University of Colorado suggests erythritol may damage cells in the blood-brain barrier, the brain’s security system that keeps out harmful substances while letting in nutrients.

Brain-inspired chips are helping electronic noses better mimic human sense of smell

After years of trying, the electronic nose is finally making major progress in sensing smells, almost as well as its human counterpart. That is the conclusion of a scientific review into the development of neuromorphic olfactory perception chips (NOPCs), published in the journal Nature Reviews Electrical Engineering.

Evolution has perfected the human nose over millions of years. This powerful sense organ, while not the best in the animal kingdom, can still detect around a trillion smells. The quest to develop electronic noses with human nose-like abilities for applications like security, robotics, and medical diagnostics has proved notoriously difficult. So scientists have increasingly been turning to neuromorphic computing, which involves designing software and hardware that mimics the structure and function of the human nose.

In this review, a team of scientists from China highlights some of the key advances in developing olfactory sensing chips. The paper focuses heavily on because they are key components of the system. They must physically detect and convert them into electrical signals.

“Update and Shut Down” Now Actually Shuts Down Your Windows PC

For Mac/Linux users out there who might not be familiar, the bug in question would cause your PC to randomly restart after clicking the “Update and shut down” button, leaving many users wondering if they had accidentally chosen the wrong option. While largely harmless, it became one of the most infamous errors in Microsoft’s OS due to its sheer annoyance and the company’s apparent reluctance to address it for nearly a decade, with some users reporting it as far back as eight years ago in Windows 10.

Marking the end of an era of sorts, the KB5067036 non-security update for Windows 11 has finally resolved the bug, with Microsoft fixing the “underlying issue” that prevented the “Update and shut down” button from actually shutting down your PC. Moreover, the new version also tackles the bug that could cause Windows Update to fail with error 0x800f0983, hopefully making the process of updating your PC a bit less cumbersome.

The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations

Security Operations Centers (SOC) today are overwhelmed. Analysts handle thousands of alerts every day, spending much time chasing false positives and adjusting detection rules reactively. SOCs often lack the environmental context and relevant threat intelligence needed to quickly verify which alerts are truly malicious. As a result, analysts spend excessive time manually triaging alerts, the majority of which are classified as benign.

Addressing the root cause of these blind spots and alert fatigue isn’t as simple as implementing more accurate tools. Many of these traditional tools are very accurate, but their fatal flaw is a lack of context and a narrow focus — missing the forest for the trees. Meanwhile, sophisticated attackers exploit exposures invisible to traditional reactive tools, often evading detection using widely-available bypass kits.

While all of these tools are effective in their own right, they often fail because of the reality that attackers don’t employ just one attack technique, exploit just one type of exposure or weaponize a single CVE when breaching an environment. Instead, attackers chain together multiple exposures, utilizing known CVEs where helpful, and employing evasion techniques to move laterally across an environment and accomplish their desired goals. Individually, traditional security tools may detect one or more of these exposures or IoCs, but without the context derived from a deeply integrated continuous exposure management program, it can be nearly impossible for security teams to effectively correlate otherwise seemingly disconnected signals.

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.

The vulnerability in question is CVE-2025–59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week.

Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE).

WordPress security firm Wordfence says that it blocked 8.7 million attack attempts against its customers in just two days, October 8 and 9.

The campaign expoits three flaws, tracked as CVE-2024–9234, CVE-2024–9707, and CVE-2024–11972, all rated critical (CVSS 9.8).

Open letter calls for prohibition on superintelligent AI, highlighting growing mainstream concern

An open letter released Wednesday has called for a ban on the development of artificial intelligence systems considered to be “superintelligent” until there is broad scientific consensus that such technologies can be created both safely and in a manner the public supports.

The statement, issued by the nonprofit Future of Life Institute, has been signed by more than 700 individuals, including Nobel laureates, technology industry veterans, policymakers, artists, and public figures such as Prince Harry and Meghan Markle, the Duke and Duchess of Sussex.

The letter reflects deep and accelerating concerns over projects undertaken by technology giants like Google, OpenAI, and Meta Platforms that are seeking to build artificial intelligence capable of outperforming humans on virtually every cognitive task. According to the letter, such ambitions have raised fears about unemployment due to automation, loss of human control and dignity, national security risks, and the possibility of far-reaching social or existential harms.

Startup turns mining waste into critical metals for the U.S

Today, China dominates the processing of rare earth elements, refining around 60 percent of those materials for the world. With demand for such materials forecasted to skyrocket, the Biden administration has said the situation poses national and economic security threats.

Substantial quantities of rare earth metals are sitting unused in the United States and many other parts of the world today. The catch is they’re mixed with vast quantities of toxic mining waste.

Phoenix Tailings is scaling up a process for harvesting materials, including rare earth metals and nickel, from mining waste. The company uses water and recyclable solvents to collect oxidized metal, then puts the metal into a heated molten salt mixture and applies electricity.

/* */