Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

Red Hat data breach escalates as ShinyHunters joins extortion

Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site.

News of the Red Hat data breach broke last week when a hacking group known as the Crimson Collective claimed to have stolen nearly 570GB of compressed data across 28,000 internal development repositories.

This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network, infrastructure, and platforms.

Microsoft: Critical GoAnywhere bug exploited in ransomware attacks

A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability in Medusa ransomware attacks for nearly a month.

Tracked as CVE-2025–10035, this security flaw impacts Fortra’s web-based secure transfer GoAnywhere MFT tool, caused by a deserialization of untrusted data weakness in the License Servlet. This vulnerability can be exploited remotely in low-complexity attacks that don’t require user interaction.

Security analysts at the Shadowserver Foundation are now monitoring over 500 GoAnywhere MFT instances exposed online, although it’s unclear how many have already been patched.

Quantum key distribution method tested in urban infrastructure offers secure communications

In the era of instant data exchange and growing risks of cyberattacks, scientists are seeking secure methods of transmitting information. One promising solution is quantum cryptography—a quantum technology that uses single photons to establish encryption keys.

A team from the Faculty of Physics at the University of Warsaw has developed and tested in a novel system for quantum key distribution (QKD). The system employs so-called high-dimensional encoding. The proposed setup is simpler to build and scale than existing solutions, while being based on a phenomenon known to physicists for nearly two centuries—the Talbot effect. The research results have been published in the journals Optica Quantum, Optica, and Physical Review Applied.

“Our research focuses on quantum key distribution (QKD)—a technology that uses single photons to establish a secure cryptographic key between two parties,” says Dr. Michał Karpiński, head of the Quantum Photonics Laboratory at the Faculty of Physics, University of Warsaw.

Security researchers say G1 humanoid robots are secretly sending information to China and can easily be hacked

Researchers have uncovered serious security flaws with the Unitree G1 humanoid robot, a machine that is already being used in laboratories and some police departments. They discovered that G1 can be used for covert surveillance and could potentially launch a full-scale cyberattack on networks.

It sounds like the stuff of science fiction nightmares, robots that are secretly spying on you and could be controlled by remote hackers. However, the concern is real, as these types of robots are becoming increasingly common in homes, businesses, and .

Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware

“The group takes an interest in diplomatic communications, defense-related intelligence and the operations of critical governmental ministries,” the company said. “The timing and scope of the group’s operations frequently coincide with major global events and regional security affairs.”

This aspect is particularly revealing, not least because other Chinese hacking groups have also embraced a similar approach. For instance, a new adversary tracked by Recorded Future as RedNovember is assessed to have targeted entities in Taiwan and Panama in close proximity to “geopolitical and military events of key strategic interest to China.”

Phantom Taurus’ modus operandi also stands out due to the use of custom-developed tools and techniques rarely observed in the threat landscape. This includes a never-before-seen bespoke malware suite dubbed NET-STAR. Developed in. NET, the program is designed to target Internet Information Services (IIS) web servers.

/* */