Lifeboat News: The Blog – Safeguarding Humanity

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Posted by Saúl Morales Rodriguéz in cybercrime/malcode | Leave a Comment on Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

Jan 23
2025

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks.

According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse.

Some of the other flaws weaponized by the distributed denial-of-service (DDoS) botnet include CVE-2013–3307, CVE-2016–20016, CVE-2017–5259, CVE-2018–14558, CVE-2020–25499, CVE-2020–8515, CVE-2022–3573, CVE-2022–40005, CVE-2022–44149, CVE-2023–28771, as well as those impacting AVTECH IP cameras, LILIN DVRs, and Shenzhen TVT devices.

Read more | >

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Posted by Saúl Morales Rodriguéz in futurism | Leave a Comment on Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

Jan 23
2025

Apply Oracle’s January 2025 Patch fixing 318 vulnerabilities, including CVE-2025–21556 (CVSS 9.9), to prevent risks.

Read more | >

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

Posted by Saúl Morales Rodriguéz in cybercrime/malcode | Leave a Comment on 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

Jan 23
2025

A 13,000-router MikroTik botnet bypasses SPF protections on 20,000 domains, fueling malware, DDoS, and phishing.

Read more | >

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Posted by Saúl Morales Rodriguéz in futurism | Leave a Comment on Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

Jan 23
2025

Cisco addresses critical CVE-2025–20156 with 9.9 CVSS, fixing admin privilege risk in Meeting Management.

Read more | >

Telegram captcha tricks you into running malicious PowerShell scripts

Posted by Saúl Morales Rodriguéz in cybercrime/malcode | Leave a Comment on Telegram captcha tricks you into running malicious PowerShell scripts

Jan 23
2025

Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into run PowerShell code that infects them with malware.

The attack, spotted by vx-underground, is a new variant of the “Click-Fix” tactic that has become very popular among threat actors to distribute malware over the past year.

However, instead of being fixes for common errors, this variant pretends to be a captcha or verification system that users must run to join the channel.

Read more | >

Critical zero-days impact premium WordPress real estate plugins

Posted by Saúl Morales Rodriguéz in security | Leave a Comment on Critical zero-days impact premium WordPress real estate plugins

Jan 23
2025

The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges.

Although the two flaws were discovered in September 2024 by Patchstack, and multiple attempts were made to contact the vendor (InspiryThemes), the researchers say they have not received a response.

Also, Patchstack says the vendor released three versions since September, but no security fixes to address the critical issues were introduced. Hence, the issues remain unfixed and exploitable.

Read more | >

Cloudflare CDN flaw leaks user location data, even through secure chat apps

Posted by Saúl Morales Rodriguéz in security | Leave a Comment on Cloudflare CDN flaw leaks user location data, even through secure chat apps

Jan 23
2025

A security researcher discovered a flaw in Cloudflare’s content delivery network (CDN), which could expose a person’s general location by simply sending them an image on platforms like Signal and Discord.

While the geo-locating capability of the attack is not precise enough for street-level tracking, it can provide enough data to infer what geographic region a person lives in and monitor their movements.

Daniel’s finding is particularly concerning for people who are highly concerned about their privacy, like journalists, activists, dissidents, and even cybercriminals.

Read more | >

Meta takes us a step closer to Star Trek’s universal translator

Posted by Dan Kummer in robotics/AI | Leave a Comment on Meta takes us a step closer to Star Trek’s universal translator

Jan 23
2025

The computer science behind translating speech from 100 source languages.

Read more | >

From classical to quantum: Reimagining the Mpemba effect at the atomic scale

Posted by Dan Breeden in education, quantum physics | Leave a Comment on From classical to quantum: Reimagining the Mpemba effect at the atomic scale

Jan 23
2025

In a new Nature Communications study, scientists have demonstrated the quantum version of the strong Mpemba effect (sME) in a single trapped ion system.

The Mpemba effect is a counterintuitive phenomenon in which—under certain conditions—hotter water cools faster than colder water.

It was first described by Tanzanian high school student Erasto Bartholomeo Mpemba in 1963. However, according to early scientific literature, it was observed much earlier, as far as Aristotelian times.

Read more | >

Neuromorphic computing at scale

Posted by Dan Breeden in computing, futurism | Leave a Comment on Neuromorphic computing at scale

Jan 23
2025

Approaches for the development of future at-scale neuromorphic systems based on principles of biointelligence are described, along with potential applications of scalable neuromorphic architectures and the challenges that need to be overcome.

Read more | >