Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 4

Get the latest international news and world events from around the world.

Log in for authorized contributors

Why this single-chip LED advance could shrink AR glasses and boost quantum links

Researchers at The University of Osaka, in collaboration with ULVAC, Inc. and Ritsumeikan University, have developed a new LED structure that generates circularly polarized light from a single chip. By combining a semipolar InGaN light-emitting structure with a stripe-shaped silicon nitride metasurface, the team created a compact light source that reduces energy-conversion loss and operates at room temperature.

This advancement could help bring ultra-compact, durable light sources closer to practical use in AR/VR, 3D displays, quantum communication, and optical security. The work is published in the journal Optical Materials Express.

Circularly polarized light is useful for a wide range of next-generation technologies. However, previous circularly polarized LEDs have struggled to combine high polarization, high efficiency, durability, and scalable manufacturing. In many previous designs, only one circular polarization component can be extracted from unpolarized light, placing a theoretical limit of 50% on conversion efficiency.

Scientists Make Breakthrough on 40-Year-Old 2D Physics Puzzle

Why do patterns emerge as surfaces grow, whether in crystals, flames, or living systems? Physicists have long turned to the Kardar–Parisi–Zhang (KPZ) equation, proposed in 1986, as a unifying description of these processes. This theory captures how randomness and nonlinear effects shape growth across vastly different systems, from spreading bacterial colonies to data-driven algorithms.

Now, researchers at the University of Würzburg have taken a major step toward confirming just how universal this idea really is. After earlier success in one dimension, they have demonstrated for the first time that KPZ behavior also governs growth in two-dimensional systems, a milestone that had remained experimentally out of reach.

Actively Exploited nginx-ui Flaw (CVE-2026–33032) Enables Full Nginx Server Takeover

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild.

The vulnerability in question is CVE-2026–33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.

“The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message,” according to an advisory released by nginx-ui maintainers last month. “While /mcp requires both IP whitelisting and authentication (AuthRequired middleware), the /mcp_message endpoint only applies IP whitelisting — and the default IP whitelist is empty, which the middleware treats as ‘allow all.’”

Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest

Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest.

Tom Gallagher, Vice President of Engineering at Microsoft Security Response Center (MSRC), said that over 80 flaws found during the live event at Microsoft’s Redmond campus were high-impact cloud and AI security vulnerabilities.

“During the 2026 live hacking event, Microsoft partnered with the global security research community, representing more than 20 countries and a wide range of professional backgrounds, from high school students to college professors,” Gallagher said.

WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.

A malicious actor planted the backdoor code last year but only recently started pushing it to users via updates, generating spam pages and causing redirects, as per the instructions received from the command-and-control (C2) server.

The compromise affects plugins with hundreds of thousands of active installations and was spotted by Austin Ginder, the founder of managed WordPress hosting provider Anchor Hosting, after receiving a tip about one add-on containing code that allowed third-party access.

Signed software abused to deploy antivirus-killing scripts

A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors.

In a single day, researchers observed more than 23,500 infected hosts in 124 countries trying to connect to the operator’s infrastructure, with hundreds of infected endpoints present in high-value networks.

/* */