Mozilla has released Firefox 136.0.4 to patch a critical security vulnerability that can let attackers escape the web browser’s sandbox on Windows systems.

Tracked as CVE-2025-2857, this flaw is described as “incorrect handle could lead to sandbox escapes” and was reported by Mozilla developer Andrew McCreight.

The vulnerability impacts the latest Firefox standard and extended support releases (ESR) designed for organizations that require extended support for mass deployments. Mozilla fixed the security flaw in Firefox 136.0.4 and Firefox ESR versions 115.21.1 and 128.8.1.

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

Last week, a person named ‘rose87168’ claimed to have breached Oracle Cloud servers and began selling the alleged authentication data and encrypted passwords of 6 million users. The threat actor also said that stolen SSO and LDAP passwords could be decrypted using the info in the stolen files and offered to share some of the data with anyone who could help recover them.

The threat actor released multiple text files consisting of a database, LDAP data, and a list of 140,621 domains for companies and government agencies that were allegedly impacted by the breach. It should be noted that some of the company domains look like tests, and there are multiple domains per company.

Researchers from the University of Science and Technology of China (USTC) of the Chinese Academy of Sciences revealed that not all forms of quantum nonlocality guarantee intrinsic randomness. They demonstrated that violating two-input Bell inequalities is both necessary and sufficient for certifying randomness, but this equivalence breaks down in scenarios involving multiple inputs. The study is published in Physical Review Letters.

Quantum mechanics is inherently probabilistic, and this intrinsic randomness has been leveraged for applications like random number generation. However, ensuring the security of these random numbers in real-world scenarios is challenging due to potential vulnerabilities in the devices used.

Bell nonlocality, where particles exhibit correlations that cannot be explained by classical physics, offers a way to certify randomness without trusting the devices. Previous studies have shown that violating Bell inequalities can certify randomness in simple two-input, two-output systems. However, the applicability of this principle to more complex, multiple-input, multiple-output (MIMO) systems has been unclear.

A threat actor known as EncryptHub has been linked to Windows zero-day attacks exploiting a Microsoft Management Console vulnerability patched this month.

Uncovered by Trend Micro staff researcher Aliakbar Zahravi, this security feature bypass (dubbed ‘MSC EvilTwin’ and now tracked as CVE-2025-26633) resides in how MSC files are handled on vulnerable devices.

Attackers can leverage the vulnerability to evade Windows file reputation protections and execute code because the user is not warned before loading unexpected MSC files on unpatched devices.

Terahertz (THz) waves are located between microwaves and infrared light in the electromagnetic spectrum. They can pass through many materials without causing damage, making them useful for security scanning, medical imaging, and high-speed wireless communication. Unlike visible light or radio waves, THz waves can reveal structural details of biological molecules and penetrate nonmetallic objects like clothing and paper.

THz waves hold great promise, but to harness them effectively, their polarization (the direction in which the waves vibrate) must be controlled. Polarization control is crucial for optimizing THz applications, from enhancing to improving imaging and sensing.

Unfortunately, existing THz polarization control methods rely on bulky external components like wave plates or metamaterials. These solutions are often inefficient, limited to narrow frequency ranges, and unsuitable for compact devices. To overcome these limitations, researchers have been exploring approaches to control THz polarization directly at the source.

Researchers at the University of California, Los Angeles (UCLA) have unveiled a new optical technology that enables precise focusing of light—only in one direction. This novel unidirectional focusing design uses structured diffractive layers that are optimized using deep learning to transmit light efficiently in the forward direction of operation while effectively suppressing unwanted backward focusing of light.

The findings are published in the journal Advanced Optical Materials. This innovation offers a compact and broadband solution for the unidirectional delivery of radiation with significant potential for applications in security, defense, and .

Controlling asymmetric light propagation—where light preferentially travels in one direction while being blocked or scattered in the opposite direction—has been a longstanding need in optical systems. Traditional solutions often rely on specialized material properties or nonlinear materials, which require relatively complex and costly fabrication methods, bulky hardware, and high-power laser sources.

Joscha Bach, Cognitive Scientist and AI researcher, as well as Anthony Aguirre, UCSC Professor of Physics, join us to explore the world through the lens of computation and the difficulties we face on the way to beneficial futures.

Topics discussed in this episode include:

- Understanding the universe through digital physics.
- How human consciousness operates and is structured.
- The path to aligned AGI and bottlenecks to beneficial futures.
- Incentive structures and collective coordination.

Find the page for this podcast here: https://futureoflife.org/2021/03/31/j…

Apply to be the FLI Podcast Producer here: https://futureoflife.org/job-postings/

Follow the podcast on:

- Spotify: https://open.spotify.com/show/2Op1WO3…
- Apple Podcasts: https://podcasts.apple.com/us/podcast…
- SoundCloud: / futureoflife

Have any feedback about the podcast? You can share your thoughts here: www.surveymonkey.com/r/DRBFZCT

Timestamps:

- 0:00 Intro
- 1:58 What is truth and knowledge?
- 11:39 What is subjectivity and objectivity?
- 15:13 What is the universe ultimately?
- 20:32 Is the universe a cellular automaton? Is the universe ultimately digital or analogue?
- 25:59 Hilbert’s hotel from the point of view of computation
- 39:14 Seeing the world as a fractal
- 43:00 Describing human consciousness
- 57:46 Meaning, purpose, and harvesting negentropy
- 1:02:30 The path to aligned AGI
- 1:05:13 Bottlenecks to beneficial futures and existential security
- 1:16:01 A future with one, several, or many AGI systems? How do we maintain appropriate incentive structures?
- 1:30:39 Non-duality and collective coordination
- 1:34:16 What difficulties are there for an idealist worldview that involves computation?
- 1:37:19 Which features of mind and consciousness are necessarily coupled and which aren’t?
- 1:47:47 Joscha’s final thoughts on AGI

This podcast is possible because of the support of listeners like you. If you found this conversation to be meaningful or valuable, consider supporting it directly by donating at: https://futureoflife.org/donate Contributions like yours make these conversations possible.