
The DESI collaboration is conducting a groundbreaking experiment to understand the universe’s expansion and acceleration. Their work with the DESI instrument has enabled them to map the cosmos from its early stages to the present, challenging existing models of the universe. Initial findings suggest there may be more to discover about dark energy and cosmic acceleration. The project’s innovative approach, including a fully blinded analysis, ensures that their conclusions are based on unbiased data, paving the way for future discoveries in astrophysics. Credit: SciTechDaily.com.

The DESI collaboration is examining the universe’s accelerating expansion through comprehensive mapping from its early stages to the present. Their findings challenge traditional cosmic models and suggest new insights into dark energy, all while utilizing groundbreaking, unbiased research methods.

A team of researchers, including an astrophysicist from The University of Texas at Dallas, as part of the Dark Energy Spectroscopic Instrument (DESI) collaboration, is leading a groundbreaking experiment aimed at exploring the universe’s expansion and acceleration.

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances.

The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.

According to a DEVCORE security researcher, the shortcoming makes it possible to bypass protections put in place for another security flaw, CVE-2012-1823.

Cybersecurity researchers have disclosed that the LightSpy spyware recently identified as targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant.

The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with the cross-platform malware framework that likely possesses capabilities to infect Android, iOS, Windows, macOS, Linux, and routers from NETGEAR, Linksys, and ASUS.

“The Threat actor group used two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver implants for macOS,” ThreatFabric said in a report published last week. “Part of the CVE-2018-4404 exploit is likely borrowed from the Metasploit framework. macOS version 10 was targeted using those exploits.”

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to “infect” over 100 organizations by trojanizing a copy of the popular ‘Dracula Official’ theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.

Visual Studio Code (VSCode) is a source code editor published by Microsoft and used by many professional software developers worldwide.

Microsoft also operates an extensions market for the IDE, called the Visual Studio Code Marketplace, which offers add-ons that extend the application’s functionality and provide more customization options.

Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray.

This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing.

According to Ray’s developer, Anyscale, the framework is used by major tech companies such as Uber, Amazon and OpenAI.

The disclosure notice also noted several security changes made to the Spaces platform in response to the leak, including the removal of org tokens to improve traceability and auditing capabilities, and the implementation of a key management service (KMS) for Spaces secrets.

Hugging Face said it plans to deprecate traditional read and write tokens “in the near future,” replacing them with fine-grained access tokens, which are currently the default.

Spaces users are recommended to switch their Hugging Face tokens to fine-grained access tokens if they are not already using them, and refresh any key or token that may have been exposed.

The estimated $1 billion IDIQ contract — a pre-negotiated agreement between the government and multiple vendors — is for a program known as R2C2, short for Rapid Resilient Command and Control, focused on developing a next-generation ground system built on a commercial cloud architecture.