Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 4

Get the latest international news and world events from around the world.

Log in for authorized contributors

Seeing the invisible: The limits of two-photon vision

Near-infrared light is invisible to humans. And yet, under the right conditions, the human eye can perceive it. Researchers from Poland’s International Center for Translational Eye Research (ICTER) have now shown that the efficiency of this phenomenon depends not only on the laser pulse itself, but also on two highly specific factors: the beam diameter and the precise focusing of light on the retina. The research is published in the journal Optics Letters.

In everyday life, we see visible light—wavelengths detected by the photoreceptors of the retina. Near-infrared light lies outside this range, which is why it normally remains invisible to us. However, for several years, scientists have known of an exception.

This exception is known as two-photon vision. In this phenomenon, a photopigment in the retina absorbs two infrared photons almost simultaneously. Each photon individually carries too little energy to trigger visual perception, but together they can initiate the process of vision. This is why, under certain conditions, humans can “see” radiation that theoretically should remain invisible.

Sunlight-powered generation of correlated photon pairs

Pairs of correlated or entangled photons are a foundational resource in quantum optics. They are most commonly produced through spontaneous parametric down-conversion (SPDC), a nonlinear optical process that typically relies on a stable, coherent laser to pump a nonlinear crystal. Because of this requirement, SPDC has long been viewed as impractical without laboratory-grade laser systems.

Recent studies have shown that fully coherent light is not strictly necessary: Partially coherent sources can also drive SPDC, with their coherence properties transferred to the generated photon pairs. This insight raises a natural and intriguing question—can sunlight, the most abundant natural light source, be used to generate correlated photon pairs?

Using sunlight for SPDC presents clear challenges. Sunlight collected from the ground is inherently unstable, with continuous changes in intensity, angle, and position that interfere with the precise illumination and photon detection required for SPDC experiments. At the same time, sunlight offers a compelling advantage: it removes dependence on lasers and external power sources, opening possibilities for photon-pair generation in remote or extreme environments.

Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations.

The Pwn2Own Berlin 2026 hacking competition takes place at the OffensiveCon conference from May 14 to May 16 and focuses on enterprise technologies and artificial intelligence.

Security researchers can earn over $1,000,000 in cash and prizes by hacking fully patched products in the web browser, enterprise applications, cloud-native/container environments, virtualization, local privilege escalation, servers, local inference, and LLM categories.

Popular node-ipc npm package compromised to steal credentials

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm.

The node-ipc package is a Node.js module that enables various processes to communicate through all forms of sockets, including Unix, Windows, UDP, TLS, and TCP.

Despite the maintainer publishing in March 2022 weaponized versions that targeted Russia and Belarus-based systems with a data-overwriting module, in protest to the Russian invasion of Ukraine, the package still has more than 690,000 weekly downloads on npm.

Avada Builder WordPress plugin flaws allow site credential theft

Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database.

One of the flaws is tracked as CVE-2026–4782 and can be exploited in all versions of the plugin through 3.15.2 by an authenticated users with at least subscriber-level access to read the contents of any file on the server.

The other security issue received the identifier CVE-2026–4798 and is an SQL injection that can be leveraged without authentication. However, exploitation is possible only if the WooCommerce e-commerce plugin for WordPress has been enabled and then deactivated.

Microsoft backpedals: Edge to stop loading passwords into memory

Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.”

This behavior was disclosed on May 4 by security researcher Tom Jøran Sønstebyseter Rønning, who demonstrated that all credentials stored in the Edge built-in password manager were decrypted on launch and kept in memory even when not in use.

Rønning also released a proof-of-concept (PoC) tool that would allow attackers with Administrator privileges to dump passwords from other users’ Edge processes (without admin privileges, the PoC only allows accessing Edge processes launched by the same user).

/* */