Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: security

Microsoft rolls out hardware-accelerated BitLocker in Windows 11

Microsoft is rolling out hardware-accelerated BitLocker in Windows 11 to address growing performance and security concerns by leveraging the capabilities of system-on-a-chip and CPU.

BitLocker is the native full-disk encryption feature in Windows that protects data from being readable without proper authentication. During normal device boot, it relies on the Trusted Platform Module (TPM) to securely manage encryption keys and automatically unlock the drive.

Microsoft states that as non-volatile memory express (NVMe) storage has become more performant, BitLocker’s cryptographic operations have a more noticeable performance impact for gaming and video editing activities.

Malicious extensions in Chrome Web store steal user credentials

Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data.

Both extensions are still present in Chrome’s official marketplace at the time of writing and have been active since at least 2017, according to a report from researchers at the Socket supply-chain security platform.

Phantom Shuttle’s target audience is users in China, including foreign trade workers who need to test connectivity from various locations in the country.

AI Bathroom Monitors? Welcome To America’s New Surveillance High Schools

This isn’t a high-security government facility. It’s Beverly Hills High School.

District superintendent Alex Cherniss says the striking array of surveillance tools is a necessity, and one that ensures the safety of his students. “We are in the hub of an urban setting of Los Angeles, in one of the most recognizable cities on the planet. So we are always a target and that means our kids are a target and our staff are a target,” he said. In the 2024–2025 fiscal year, the district spent $4.8 million on security, including staff. The surveillance system spots multiple threats per day, the district said.

Beverly Hills’ apparatus might seem extreme, but it’s not an outlier. Across the U.S., schools are rolling out similar surveillance systems they hope will keep them free of the horrific and unceasing tide of mass shootings. There have been 49 deaths from gunfire on school property this year. In 2024, there were 59, and in 2023 there were 45, per Everytown for Gun Safety. Between 2000 and 2,022,131 people were killed and 197 wounded at schools in the U.S., most of them children. Given those appalling metrics, allocating a portion of your budget to state of the art AI-powered safety and surveillance tools is a relatively easy decision.

Quantum entanglement could connect drones for disaster relief, bypassing traditional networks

Any time you use a device to communicate information—an email, a text message, any data transfer—the information in that transmission crosses the open internet, where it could be intercepted. Such communications are also reliant on internet connectivity, often including wireless signal on either or both ends of a transmission.

But what if two—or 10, or 100, or 1,000—entities could be connected in such a way that they could communicate information without any of those security or connectivity concerns?

That’s the challenge that Alexander DeRieux, a Virginia Tech Ph.D. student and Bradley Fellow in the Bradley Department of Electrical and Computer Engineering, under the advisement of Professor Walid Saad, set out to tackle using quantum entanglement. In short, they used the unique properties of quantum bits, or qubits, as a method of transmitting information.

Windows 10 OOB update released to fix Message Queuing (MSMQ) issues

This month’s extended security update for Windows 10 broke Message Queuing (MSMQ), which is typically used by enterprises to manage background tasks.

Microsoft says it identified a fix and is now rolling out an out-of-band update (KB5074976) via Update Catalog to address it.

You won’t find the OOB on Windows Update or WSUS, as it’s only offered via Update Catalog, but if you are affected, you should download the out-of-band release.

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

The networking equipment major said it became aware of the intrusion campaign on December 10, 2025, and that it has singled out a “limited subset of appliances” with certain ports open to the internet. It’s currently not known how many customers are affected.

“This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance,” Cisco said in an advisory. “The ongoing investigation has revealed evidence of a persistence mechanism planted by the threat actors to maintain a degree of control over compromised appliances.”

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing.

This type of attack does not require any authentication, as the victim is tricked into linking the attacker’s browser to a WhatsApp device.

By doing so, threat actors gain access to the full conversation history and shared media, and may leverage information to impersonate users or commit fraud.

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges.

According to SonicWall, this medium-severity local privilege escalation security flaw (CVE-2025–40602) was reported by Clément Lecigne and Zander Work of the Google Threat Intelligence Group, and doesn’t affect SSL-VPN running on SonicWall firewalls.

“SonicWall PSIRT strongly advises users of the SMA1000 product to upgrade to the latest hotfix release version to address the vulnerability,” the company said in a Wednesday advisory.

/* */