Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 6

The National Synchrotron Light Source II (NSLS-II)—a U.S. Department of Energy (DOE) Office of Science user facility at DOE’s Brookhaven National Laboratory—is among the world’s most advanced synchrotron light sources, enabling and supporting science across various disciplines. Advances in automation, robotics, artificial intelligence (AI), and machine learning (ML) are transforming how research is done at NSLS-II, streamlining workflows, enhancing productivity, and alleviating workloads for both users and staff.

As synchrotron facilities rapidly advance—providing brighter beams, automation, and robotics to accelerate experiments and discovery—the quantity, quality, and speed of data generated during an experiment continues to increase. Visualizing, analyzing, and sorting these large volumes of data can require an impractical, if not impossible, amount of time and attention.

Presenting scientists with is as important as preparing samples for beam time, optimizing the experiment, performing error detection, and remedying anything that may go awry during a measurement.

Read more | >

Lumma Stealer is a fully-featured crimeware solution that’s offered for sale under the malware-as-a-service (MaaS) model, giving a way for cybercriminals to harvest a wide range of information from compromised Windows hosts. In early 2024, the malware operators announced an integration with a Golang-based proxy malware named GhostSocks.

“The addition of a SOCKS5 backconnect feature to existing Lumma infections, or any malware for that matter, is highly lucrative for threat actors,” Infrawatch said.

“By leveraging victims’ internet connections, attackers can bypass geographic restrictions and IP-based integrity checks, particularly those enforced by financial institutions and other high-value targets. This capability significantly increases the probability of success for unauthorized access attempts using credentials harvested via infostealer logs, further enhancing the post-exploitation value of Lumma infections.”

Read more | >

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication.

The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding the problem when LLMs end up suggesting insecure coding practices to their users.

Truffle Security said it downloaded a December 2024 archive from Common Crawl, which maintains a free, open repository of web crawl data. The massive dataset contains over 250 billion pages spanning 18 years.

Read more | >

It’s worth noting that the intrusion set distributing the Winos 4.0 malware has been assigned the monikers Void Arachne and Silver Fox, with the malware also overlapping with another remote access trojan tracked as ValleyRAT.

“They are both derived from the same source: Gh0st RAT, which was developed in China and open-sourced in 2008,” Daniel dos Santos, Head of Security Research at Forescout’s Vedere Labs, told The Hacker News.

“Winos and ValleyRAT are variations of Gh0st RAT attributed to Silver Fox by different researchers at different points in time. Winos was a name commonly used in 2023 and 2024 while now ValleyRAT is more commonly used. The tool is constantly evolving, and it has both local Trojan/RAT capabilities as well as a command-and-control server.”

Read more | >

A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks.

This is according to an investigation by Xlab, which has been tracking the new campaign since last November, reporting that the botnet peaked on January 14, 2025, and currently has 800,000 active bots.

In September 2024, Dr. Web antivirus researchers found 1.3 million devices across 200 countries compromised by Vo1d malware via an unknown infection vector.

Read more | >

Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content.

An updated complaint identifies the individuals as Arian Yadegarnia from Iran (aka ‘Fiz’), Alan Krysiak of the United Kingdom (aka ‘Drago’), Ricky Yuen from Hong Kong, China (aka ‘cg-dot’), and Phát Phùng Tấn of Vietnam (aka ‘Asakuri’).

As the company explained today, these threat actors are key members of a global cybercrime gang that it tracks as Storm-2139.

Read more | >

Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors.

Access Management Systems are security systems that control employee access to buildings, facilities, and restricted areas via biometrics, ID cards, or license plates.

Security researchers at Modat conducted a comprehensive investigation in early 2025 and discovered tens of thousands of internet-exposed AMS that were not correctly configured for secure authentication, allowing anyone to access them.

Read more | >

A suspected cyber criminal believed to have extorted companies under the name “DESORDEN Group” or “ALTDOS” has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide.

The suspect was arrested in Bangkok through a law enforcement operation by the Royal Thai Police and the Singapore Police Force, with the help of experts from Group-IB.

The cybercriminal, who operated since 2020 under multiple aliases such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, stole and leaked/sold over 13TB of personal data from the organizations.

Read more | >

I loved reading about Barrett’s rigorous empirical research on insect sentience, its ethical implications, and how to mitigate insect suffering within industries that make heavy use of these remarkable invertebrates!

(https://80000hours.org/podcast/episodes/meghan-barrett-insec…sentience/)

This is a group of animals I think people are particularly unfamiliar with. They are especially poorly covered in our science curriculum; they are especially poorly understood, because people don’t spend as much time learning about them at museums; and they’re just harder to spend time with in a lot of ways, I think, for people.

Continue reading “Meghan Barrett on challenging our assumptions about insects” | >