Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 7

Get the latest international news and world events from around the world.

Log in for authorized contributors

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.

The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active since May 2025.

“Developers are approached via social platforms like LinkedIn and Facebook, or through job offerings on forums like Reddit,” ReversingLabs researcher Karlo Zanki said in a report. “The campaign includes a well-orchestrated story around a company involved in blockchain and cryptocurrency exchanges.”

Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities

Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads.

Beukema documented four previously unknown techniques for manipulating Windows LNK shortcut files to hide malicious targets from users inspecting file properties.

LNK shortcuts were introduced with Windows 95 and use a complex binary format that allows attackers to create deceptive files that appear legitimate in Windows Explorer’s properties dialog but execute entirely different programs when opened.

Fake AI Chrome extensions with 300K users steal credentials, emails

A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.

Some of the extensions are still present in the Chrome Web Store and have been installed by tens of thousands of users, while others show a small install count.

Researchers at browser security platform LayerX discovered the malicious extension campaign and named it AiFrame. They found that all analyzed extensions are part of the same malicious effort as they communicate with infrastructure under a single domain, tapnetic[.]pro.

Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks

Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals.

Tracked as CVE-2026–20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS.

Apple’s security bulletin warns that an attacker with memory write capability may be able to execute arbitrary code on affected devices.

This $20 CISSP course bundle helps you study for this grueling certification

Want to make a career jump in 2026? If cybersecurity is on your radar, you’ll want to get prepared for the CISSP exam, one of the most prestigious credentials in the industry that signals you’re ready for high-level roles.

Now, you can learn right from the couch with the CISSP Security and Risk Management Training Bundle, on sale for just $19.99, with no coupon code required.

You don’t have to head back to school to get prepped for a cybersecurity career. The CISSP Security & Risk Management Training Bundle can prepare you in the comfort of your home. This bundle of eight courses teaches you how to protect computers, networks, and data from threats and helps you master the eight domains information security professionals should know.

Odido data breach exposes personal info of 6.2 million customers

Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers.

Odido is one of the largest mobile and telecommunications providers in the Netherlands, offering mobile, broadband, and television services to millions of customers nationwide. The company was formed in 2023 through the rebranding of T-Mobile Netherlands and Tele2 Netherlands.

The company says they detected the incident on the weekend of February 7 and launched an investigation with internal and external cybersecurity experts.

WordPress plugin with 900k installs vulnerable to critical RCE flaw

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.

The security issue is tracked as CVE-2026–1357 and received a severity score of 9.8. It impacts all versions of the plugin up to 0.9.123 and could lead to a complete website takeover.

Despite the severity of the issue, researchers at WordPress security company Defiant say that only sites with the non-default “receive backup from another site” option enabled are critically impacted.

Introducing GPT-5.3-Codex-Spark

Codex-Spark is rolling out today as a research preview for ChatGPT Pro users in the latest versions of the Codex app, CLI, and VS Code extension. Because it runs on specialized low-latency hardware, usage is governed by a separate rate limit that may adjust based on demand during the research preview. In addition, we are making Codex-Spark available in the API for a small set of design partners to understand how developers want to integrate Codex-Spark into their products. We’ll expand access over the coming weeks as we continue tuning our integration under real workloads.

Codex-Spark is currently text-only at a 128k context window and is the first in a family of ultra-fast models. As we learn more with the developer community about where fast models shine for coding, we’ll introduce even more capabilities–including larger models, longer context lengths, and multimodal input.

Codex-Spark includes the same safety training as our mainline models, including cyber-relevant training. We evaluated Codex-Spark as part of our standard deployment process, which includes baseline evaluations for cyber and other capabilities, and determined that it does not have a plausible chance of reaching our Preparedness Framework threshold for high capability in cybersecurity or biology.

NuMA promotes constitutive heterochromatin compaction by stabilizing linker histone H1 on chromatin

The nuclear repeat length (NRL) was calculated using NRLfinder as previous publication.33 Briefly, read lengths were extracted and converted into a frequency histogram, which was then smoothed using a digital 6th-order Butterworth filter with a zero-phase shift and a cutoff frequency of 0.04 cycles/read. This cutoff was empirically optimized to reduce noise from mononucleosomal DNA winding artifacts. Local minima and maxima were identified from the first derivative of the filtered histogram, with the second peak maximum corresponding to the dinucleosomal periodicity. The NRL shift between conditions (e.g., control vs. NuMA-depleted HCT116 cells) was calculated the mean difference between the first two peak maxima of each sample. All analyses were performed in Python 3.9 with NumPy, SciPy, and Matplotlib libraries.

For chromatin-state modeling, we used the ChromHMM (v.1.19).32 The input data of ATAC-seq and RNA-seq reported in this manuscript was generated as described above. Additional input data including ChIP-seq for CTCF, H3K4me3, H3K27me3, H3K4me1, H3K36me3 and H3K9me3 were download from ENCODE (https://www.encodeproject.org). briefly, raw bam files were download and replicates were combined. BinarizeBam and LearnModel tools in ChromHMM was used to generate chromatin state model with default settings. Emissions parameters were visualized in R.

Spectrin coordinates cell shape and signaling essential for epidermal differentiation

Arad Soffer, Aishwarya Bhosale, Carien M. Niessen, Chen Luxenburg, Matthias Rübsam (Universität zu Köln) and colleagues identify spectrin as a central component of epithelial cortical actomyosin networks to control cortex mechanics and signaling.

Cell shape and fate are tightly linked, yet how the cortical cytoskeleton integrates regulation of shape and fate remains unclear. Using the multilayered epidermis as a paradigm for cell shape–guided changes in differentiation, we identify spectrin as an essential organizer of the actomyosin cortex to integrate transitions in cell shape with spatial organization of signaling. Loss of αII-spectrin (Sptan1) in mouse epidermis altered cell shape in all layers and impaired differentiation and barrier formation. High-resolution imaging and laser ablation revealed that E-cadherin organizes gradients of cortical actin and spectrin into layer-specific submembranous networks with discrete structural and mechanical properties that coordinate cell shape and fate. This layer-specific organization dissipates tension and, in upper layers, retains activated growth factor receptor EGFR and the calcium channel TRPV3 at the membrane to induce terminal differentiation. Together, these findings reveal how polarized organization of the cortical cytoskeleton directs transitions in cell shape and cell fate at the tissue scale necessary to establish epithelial barriers.

/* */