
A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication.

The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, a problem that is compounded when LLMs end up suggesting insecure coding practices to their users.

Truffle Security said it downloaded a December 2024 archive from Common Crawl, which maintains a free, open repository of web crawl data. The massive dataset contains over 250 billion pages spanning 18 years.

It’s worth noting that the intrusion set distributing the Winos 4.0 malware has been assigned the monikers Void Arachne and Silver Fox, with the malware also overlapping with another remote access trojan tracked as ValleyRAT.

“They are both derived from the same source: Gh0st RAT, which was developed in China and open-sourced in 2008,” Daniel dos Santos, Head of Security Research at Forescout’s Vedere Labs, told The Hacker News.

“Winos and ValleyRAT are variations of Gh0st RAT attributed to Silver Fox by different researchers at different points in time. Winos was a name commonly used in 2023 and 2024 while now ValleyRAT is more commonly used. The tool is constantly evolving, and it has both local Trojan/RAT capabilities as well as a command-and-control server.”

A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks.

This is according to an investigation by Xlab, which has been tracking the new campaign since last November, reporting that the botnet peaked on January 14, 2025, and currently has 800,000 active bots.

In September 2024, Dr. Web antivirus researchers found 1.3 million devices across 200 countries compromised by Vo1d malware via an unknown infection vector.

Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content.

An updated complaint identifies the individuals as Arian Yadegarnia from Iran (aka ‘Fiz’), Alan Krysiak of the United Kingdom (aka ‘Drago’), Ricky Yuen from Hong Kong, China (aka ‘cg-dot’), and Phát Phùng Tấn of Vietnam (aka ‘Asakuri’).

As the company explained today, these threat actors are key members of a global cybercrime gang that it tracks as Storm-2139.

Researchers discovered 49,000 misconfigured and exposed Access Management Systems (AMS) across multiple industries and countries, which could compromise privacy and physical security in critical sectors.

Access Management Systems are security systems that control employee access to buildings, facilities, and restricted areas via biometrics, ID cards, or license plates.

Security researchers at Modat conducted a comprehensive investigation in early 2025 and discovered tens of thousands of internet-exposed AMS that were not correctly configured for secure authentication, allowing anyone to access them.

A suspected cyber criminal believed to have extorted companies under the name “DESORDEN Group” or “ALTDOS” has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide.

The suspect was arrested in Bangkok through a law enforcement operation by the Royal Thai Police and the Singapore Police Force, with the help of experts from Group-IB.

The cybercriminal, who has operated since 2020 under multiple aliases such as ALTDOS, DESORDEN, GHOSTR, and 0mid16B, stole and leaked/sold over 13TB of personal data from the organizations.

I loved reading about Barrett’s rigorous empirical research on insect sentience, its ethical implications, and how to mitigate insect suffering within industries that make heavy use of these remarkable invertebrates!

(https://80000hours.org/podcast/episodes/meghan-barrett-insec…sentience/)


This is a group of animals I think people are particularly unfamiliar with. They are especially poorly covered in our science curriculum; they are especially poorly understood, because people don’t spend as much time learning about them at museums; and they’re just harder to spend time with in a lot of ways, I think, for people.

2024 YR4 is no longer a danger for Earth, and a (small) chance of a lunar impact could provide great science data.

“We are all rooting for the Moon!” Richard Binzel (MIT) is referring to the asteroid 2024 YR4, which for a few weeks had remained at the second-highest-rated probability of potential Earth impact of any asteroid discovered. Now, although its impact probability has fallen to virtually zero for Earth, it still has a slight chance of impacting the Moon on December 22, 2032.

Combining on-chip photon-pair sources, two sets of linear integrated circuits for path entanglements and two path-to-orbital angular momentum converters, free-space-entangled orbital angular momentum photon pairs can be generated in high-dimensional vortex states, offering a high level of programmable dynamical reconfigurability.