Why Organizations Are Abandoning Static Secrets for Managed Identities

“Using a secret manager dramatically improves the security posture of systems that rely on shared secrets, but heavy use perpetuates the use of shared secrets rather than using strong identities,” according to identity security researchers. The goal isn’t to eliminate secret managers entirely, but to dramatically reduce their scope.

Smart organizations are strategically reducing their secret footprint by 70–80% through managed identities, then using robust secret management for remaining use cases, creating resilient architectures that leverage the best of both worlds.

The Non-Human Identity Discovery Challenge

Over 75,000 WatchGuard security devices vulnerable to critical RCE

Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication.

Firebox devices act as a central defense hub that controls traffic between internal and external networks, providing protection through policy management, security services, VPN, and real-time visibility through WatchGuard Cloud.

Scans from The Shadowserver Foundation currently show that there are 75,835 vulnerable Firebox appliances across the world, most of them in Europe and North America.

Optical system achieves terabit-per-second capacity and integrates quantum cryptography for long-term security

The artificial intelligence (AI) boom has created unprecedented demand for data traffic. But the infrastructure needed to support it faces mounting challenges. AI data centers must deliver faster, more reliable communication than ever before, while also confronting their soaring electricity use and a looming quantum security threat, which could one day break today’s encryption methods.

To address these challenges, a recent study published in Advanced Photonics proposes a quantum-secured architecture that involves minimal digital signal processing (DSP) consumption and meets all the stringent requirements for AI-driven data center optical interconnect (AI–DCI) scenarios. This system enables data to move at terabit-per-second speeds with while defending against future quantum threats.

“Our work paves the way for the next generation of secure, scalable, and cost-efficient optical interconnects, protecting AI-driven data centers against quantum security threats while meeting the high demands of modern data-driven applications,” the researchers state in their paper.

Netherlands tightens export restrictions on microchip machines, mainly targeting ASML

The Dutch government is tightening its export restrictions on microchip-making machines, specifically deep ultraviolet (DUV) lithographic machines. A licensing requirement will apply to the export of older types of DUV machinery beginning on Saturday, a decision which primarily impacts Dutch business ASML. Foreign Trade Minister Reinette Klever cited national security concerns when announcing the measure on Friday.

According to ASML, the licensing requirement update is a technical change that mainly means that the company will apply for export licenses from the government of the Netherlands, not the United States, for two older types of DUV immersion lithography systems (1970i and 1980i). The Dutch government already implemented a licensing requirement for the newer generations of DUV machines (2000i and later) in September last year.

DUV lithography machines are the second-most advanced microchip-making machines, after extreme ultraviolet (EUV) lithography machines. Dutch company ASML is the world’s only manufacturer of EUV lithography machines and is also a global leader in the production, refurbishment, and repair of DUV lithography machines. DUV machines can still be used to make highly sophisticated microchips, and some of China’s leading tech companies, like Huawei, are actively pushing the limits of the older technology.

Scientists create a novel hydrogel for unclonable security tags

Encryption technologies are vital in today’s digital landscape to protect sensitive information from hackers and prevent fraud. While cutting-edge encryption has been developed for data, sophisticated protection for physical objects such as high-value products, access cards and documents has lagged behind until now.

Scientists have now developed a new hydrogel that acts as an unclonable physical tag. The work is published in the journal Advanced Materials.

Physical items are easily copied or faked because their built-in security tags are often weak or simple to clone. To solve this security gap, a team of researchers from China first mixed two chemicals together: polypyrrole, which conducts electricity; and polystyrene sulfonate, a flexible polymer. The result was a soft, conductive, jelly-like substance.

Size doesn’t matter: Just a small number of malicious files can corrupt LLMs of any size

Large language models (LLMs), which power sophisticated AI chatbots, are more vulnerable than previously thought. According to research by Anthropic, the UK AI Security Institute and the Alan Turing Institute, it only takes 250 malicious documents to compromise even the largest models.

The vast majority of data used to train LLMs is scraped from the public internet. While this helps them to build knowledge and generate natural responses, it also puts them at risk from data poisoning attacks. It had been thought that as models grew, the risk was minimized because the percentage of poisoned data had to remain the same. In other words, it would need massive amounts of data to corrupt the largest models. But in this study, which is published on the arXiv preprint server, researchers showed that an attacker only needs a small number of poisoned documents to potentially wreak havoc.

To assess the ease of compromising large AI models, the researchers built several LLMs from scratch, ranging from small systems (600 million parameters) to very large (13 billion parameters). Each model was trained on vast amounts of clean public data, but the team inserted a fixed number of malicious files (100 to 500) into each one.

Streamlined method to directly generate photons in optical fiber could secure future quantum internet

With the rise of quantum computers, the security of our existing communication systems is at risk. Quantum computers will be able to break many of the encryption methods used in current communication systems. To counter this, scientists are developing quantum communication systems, which utilize quantum mechanics to offer stronger security. A crucial building block of these systems is a single-photon source: a device that generates only one light particle at a time.

These photons, carrying quantum information, are then sent through optical fibers. For to work, it is essential that single photons are injected into optical fibers with extremely low loss.

In conventional systems, single-photon emitters, like and rare-earth (RE) element ions, are placed outside the fiber. These photons then must be guided to enter the fiber. However, not all photons make it into the fibers, causing high transmission loss. For practical quantum communication systems, it is necessary to achieve a high-coupling and channeling efficiency between the and the emitter.

Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops

Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections.

An attacker could take advantage of this to load bootkits (e.g. BlackLotus, HybridPetya, and Bootkitty) that can evade OS-level security controls and persist across OS re-installs.

Powerful mm command.