Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 5

Get the latest international news and world events from around the world.

Log in for authorized contributors

Google says 90 zero-days were exploited in attacks last year

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances.

The figure is a 15% increase compared to 2024, when 78 zero-days were exploited in the wild, but lower than the record 100 zero days tracked in 2023.

Zero-day vulnerabilities are security issues in software products that attackers exploit, usually before the vendor learns about them and develops a patch. They are highly valued by threat actors because they often enable initial access, remote code execution, or privilege escalation.

Chinese state hackers target telcos with new malware toolkit

A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices.

According to Cisco Talos researchers, the adversary is closely associated with the FamousSparrow and Tropic Trooper hacker groups, but is tracked as a separate activity cluster.

This assessment has high confidence and is based on similar tooling, tactics, techniques, and procedures (TTPs), and victimology observed in attacks attributed to the threat actors.

Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks

A previously undocumented set of 23 iOS exploits named “Coruna” has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks.

The Coruna kit contains five full iOS exploit chains, the most sophisticated leveraging non-public techniques and mitigation bypasses, for iOS versions 13.0 through 17.2.1 (released in December 2023).

Google Threat Intelligence Group (GTIG) researchers first observed activity related to the Coruna exploit kit in February 2025, in activity attributed to a surveillance vendor customer.

WordPress membership plugin bug exploited to create admin accounts

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites.

Developed by WPEverest, the plugin provides membership and user registration management features, including custom forms, payment integrations with PayPal and Stripe, bank transfers, and analytics.

The security vulnerability is tracked as CVE-2026–1492 and received a critical severity rating of 9.8. Because the plugin accepts a user-supplied role during membership registration, hackers can create administrator accounts without authentication.

/* */