Lifeboat News: The Blog – Safeguarding Humanity

Get the latest international news and world events from around the world.

May 26
2026

Discovery of stromatolite formation in post-impact hydrothermal lacustrine environments and its implications for early Earth

Stromatolites within the Hapcheon impact crater suggest that asteroid impacts created hydrothermal oases fostering early life and habitability, according to geochemical, isotopic, and microbial analyses from the Hapcheon crater lake in Korea.

May 26
2026

Ghost CMS CVE-2026–26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026–26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

May 26
2026

The Alert Firehose Finally Meets Its Match

AI-powered NDR improved security accuracy from 26% to 95%, reducing false positives and accelerating SOC threat response.

May 26
2026

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Lazarus deployed RemotePE against crypto firms using memory-only malware, enabling stealthy long-term financial intrusions.

May 26
2026

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

May 26
2026

Npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub added npm staged publishing with mandatory 2FA approval to reduce software supply chain attack risks.

May 26
2026

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

8 Packagist packages hid malicious package.json scripts, enabling Linux binary execution during installs and workflows.

May 26
2026

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA).

According to the FBI PSA, Kali365 first emerged in April 2026 and is distributed via Telegram channels for cybercriminals seeking an easier way to compromise Microsoft 365 accounts without stealing passwords or intercepting MFA codes.

The platform uses device code phishing, an increasingly popular method that abuses Microsoft’s legitimate OAuth 2.0 Device Authorization grant flow to gain access to Microsoft Entra and Microsoft 365 accounts.

May 26
2026

Anthropic’s restricted Claude Mythos model may be coming to Claude Code

Anthropic appears to be preparing for the public rollout of “Mythos,” which was announced in April as a restricted model that poses major security risks to private and public software.

On April 7, Anthropic announced the Mythos in early preview and called it a new frontier model with strikingly advanced capabilities in computer security tasks.

Anthropic said the Mythos model shows major improvements in code reasoning and autonomy, far above its current flagship model, Opus 4.7.

May 26
2026

Dark personality traits linked to a higher tolerance for morally questionable behaviors

The study contributes to the scientific knowledge about dark personality traits. However, the study was conducted on a relatively small group of students and solely based on self-reports. Studies on larger groups, involving other demographics, and those using more objective measures of endorsement of morally debatable behaviors might not yield identical results.

The paper, “Relationships between the Dark Triad and Justification of Morally Debatable Behaviors in College Students,” was authored by Emma P. Paulson and Terry F. Pettijohn II.