Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 5

Get the latest international news and world events from around the world.

Log in for authorized contributors

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability exploited in attacks.

The security feature bypass vulnerability, tracked as CVE-2026–21509, affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft 365 Apps for Enterprise (the company’s cloud-based subscription service).

However, as noted in today’s advisory, security updates for Microsoft Office 2016 and 2019 are not yet available and will be released as soon as possible.

Cloudflare misconfiguration behind recent BGP route leak

Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic.

The BGP system helps route data across different networks called autonomous systems (AS) that send it to destination through smaller networks on the internet.

The incident was caused by an accidental policy misconfiguration on a router and affected external networks beyond Cloudflare customers.

EU launches investigation into X over Grok-generated sexual images

The European Commission announced today that it has launched formal proceedings under the Digital Services Act to investigate whether X properly assessed risks before deploying its Grok artificial intelligence tool, following its use to generate sexually explicit images.

The commission noted that these potential risks “seem to have materialised,” seeing that the AI-powered tool was used to create “manipulated sexually explicit images, including content that may amount to child sexual abuse material.”

“Sexual deepfakes of women and children are a violent, unacceptable form of degradation,” said EU tech commissioner Henna Virkkunen. “With this investigation, we will determine whether X has met its legal obligations under the DSA, or whether it treated rights of European citizens — including those of women and children — as collateral damage of its service.”

Nearly 800,000 Telnet servers exposed to remote attacks

Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server.

The security flaw (CVE-2026–24061) impacts GNU InetUtils versions 1.9.3 (released 11 years ago in 2015) through 2.7 and was patched in version 2.8 (released on January 20).

“The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter,” explained open-source contributor Simon Josefsson, who reported it.

6 Okta security settings you might have overlooked

What worked six months ago may no longer be sufficient to protect against today’s threats.

This article outlines six fundamental Okta security best practices that form the backbone of a resilient identity security program.

Beyond implementing these settings, continuous security posture monitoring for Okta (and the rest of your SaaS ecosystem) with a tool like Nudge Security can help you stay ahead of emerging threats and maintain a robust security posture as your environment grows and changes.

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

The defense mechanisms that NPM introduced after the ‘Shai-Hulud’ supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies.

Collectively called PackageGate, the vulnerabilities were discovered in multiple utilities in the JavaScript ecosystem that allow managing dependencies, like pnpm, vlt, Bun, and NPM.

Researchers at endpoint and supply-chain security company Koi discovered the issues and reported them to the vendors. They say that the problems were addressed in all tools except for NPM, who closed the report stating that the behavior “works as expected.”

CISA says critical VMware RCE flaw now actively exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered federal agencies to secure their servers within three weeks.

Patched in June 2024, this security flaw (CVE-2024–37079) stems from a heap overflow weakness in the DCERPC protocol implementation of vCenter Server (a Broadcom VMware vSphere management platform that helps admins manage ESXi hosts and virtual machines).

Threat actors with network access to vCenter Server may exploit this vulnerability by sending a specially crafted network packet that can trigger remote code execution in low-complexity attacks that don’t require privileges on the targeted systems or user interaction.

An ultrastructural map of a spinal sensorimotor circuit reveals the potential of astroglia modulation

Using cell reconstructions and synapse mapping in zebrafish, Koh and Avalos Arceo et. al. reveal a vertebrate local spinal sensorimotor circuit map, revealing how neurons and glia are structurally positioned in a circuit. This resource provides insight into how glia and synaptic thresholding could modulate information flow through complex neural networks.

Led Team Discovers Metallic Material With Record Thermal Conductivity

A UCLA-led, multi-institution research team has discovered a metallic material with the highest thermal conductivity measured among metals, challenging long-standing assumptions about the limits of heat transport in metallic materials.

Published this week in Science, the study is led by Yongjie Hu, a professor of mechanical and aerospace engineering at the UCLA Samueli School of Engineering. The team reported that metallic theta-phase tantalum nitride conducts heat nearly three times more efficiently than copper or silver, the best conventional heat-conducting metals.

Thermal conductivity describes how efficiently a material can carry heat. Materials with high thermal conductivity are essential for removing localized hot spots in electronic devices, where overheating limits performance, reliability and energy efficiency. Copper currently dominates the global heat-sink market, accounting for roughly 30% of commercial thermal-management materials, with a thermal conductivity of about 400 watts per meter-kelvin.

/* */