Lifeboat News: The Blog – Safeguarding Humanity

Get the latest international news and world events from around the world.

Jul 25
2025

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Fire Ant exploited VMware flaws to breach ESXi and vCenter, targeting isolated systems for persistent access.

Jul 25
2025

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

CastleLoader malware infected 469 devices via ClickFix, GitHub, and phishing since May 2025. Malware delivery is evolving fast.

Jul 25
2025

Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them

Discover 2025’s top identity trends from Auth0. Learn how AI reshapes logins, trust, and security.

Jul 25
2025

Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace

XSS.is admin arrested in Kyiv after years enabling cybercrime; Europol disrupts major forum of 50K users.

Jul 25
2025

Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Storm-2603 exploits SharePoint flaws to deploy Warlock ransomware, affecting 400+ victims. Microsoft urges mitigation.

Jul 25
2025

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Malware hidden in WordPress mu-plugins grants attackers full access and admin control, putting websites and users at serious risk.

Jul 25
2025

New Koske Linux malware hides in cute panda images

A new Linux malware named Koske may have been developed with artificial intelligence and is using seemingly benign JPEG images of panda bears to deploy malware directly into system memory.

Researchers from cybersecurity company AquaSec analyzed Koske and described it as “a sophhisticated Linux threat.” Based on the observed adaptive behavior, the researchers believe that the malware was developed using large language models (LLMs) or automation frameworks.

Koske’s purpose is to deploy CPU and GPU-optimized cryptocurrency miners that use the host’s computational resources to mine over 18 distinct coins.

Jul 25
2025

Hacker sneaks infostealer malware into early access Steam game

A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title.

A few days ago, the hacker (also tracked as Larva-208), injected malicious binaries into the Chemia game files hosted on Steam.

Chemia is a survival crafting game from developer ‘Aether Forge Studios,’ which is currently offered as early access on Steam but has no public release date.

Jul 25
2025

Hackers breach Toptal GitHub account, publish malicious npm packages

Hackers compromised Toptal’s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.

The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims’ systems.

Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also maintains internal developer tools and design systems, most notably Picasso, which they make available through GitHub and NPM.

Jul 25
2025

Microsoft: SharePoint flaws exploited in Warlock ransomware attacks

A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain.

Non-profit security organization Shadowserver is currently tracking over 420 SharePoint servers that are exposed online and remain vulnerable to these ongoing attacks.

“Although Microsoft has observed this threat actor deploying Warlock and Lockbit ransomware in the past, Microsoft is currently unable to confidently assess the threat actor’s objectives,” the company said in a Wednesday report.