Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog – Page 212

Get the latest international news and world events from around the world.

Log in for authorized contributors

New Clues Suggest Life’s Building Blocks Were Sorted in Space Before Reaching Earth

New research suggests that amino acids, the fundamental components of life, may have arrived on Earth carried by interstellar dust grains, possibly contributing to the origins of life as we know it. In a study published in the Monthly Notices of the Royal Astronomical Society, Stephen Thompson, I

Astronomers Weigh “Cotton Candy” Planets and Solve a Cosmic Mystery

Astronomers have captured an exceptionally rare view of young planets in mid-transformation, revealing how bloated, giant worlds may shrink into the most common planets in the galaxy. Astronomers have been startled in recent years by a striking pattern around Sun-like stars. Many of them host a p

N8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

N8n has also warned about the security risk arising from the use of community nodes from npm, which it said can introduce breaking changes or execute malicious actions on the machine that the service runs on. On self-hosted n8n instances, it’s advised to disable community nodes by setting N8N_COMMUNITY_PACKAGES_ENABLED to false.

“Community nodes run with the same level of access as n8n itself. They can read environment variables, access the file system, make outbound network requests, and, most critically, receive decrypted API keys and OAuth tokens during workflow execution,” researchers Kiran Raj and Henrik Plate said. “There is no sandboxing or isolation between node code and the n8n runtime.”

“Because of this, a single malicious npm package is enough to gain deep visibility into workflows, steal credentials, and communicate externally without raising immediate suspicion. For attackers, the npm supply chain offers a quiet and highly effective entry point into n8n environments.”

Apple confirms Google Gemini will power Siri, says privacy remains a priority

Apple and Google have confirmed that the next version of Siri will use Gemini and Google Cloud in a multi-year collaboration between the two tech giants.

Until now, Apple has been using its own AI model for Siri, but its performance has been subpar compared to the likes of GPT, Gemini, or even Copilot.

Now, Apple and Google have entered into a multi-year collaboration. As part of this partnership, future versions of Siri will use Gemini models.

Facebook login thieves now using browser-in-browser trick

Hackers over the past six months have relied increasingly more on the browser-in-the-browser (BitB) method to trick users into providing Facebook account credentials.

The BitB phishing technique was developed by security researcher mr.d0x in 2022. Cybercriminals later adopted it in attacks targeting various online services, including Facebook and Steam.

Trellix researchers monitoring malicious activity say that threat actors steal Facebook accounts to spread scams, harvest personal data, or commit identity fraud. With more than three billion active users, the social network is still a prime target for fraudsters.

/* */