
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was patched by Oracle in July 2024.

“Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server,” CISA said.

Over 116,000 Minecraft systems infected in WeedHack malware campaign

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January.

The malware is distributed through Minecraft-related malicious mods, clients, cheats, and utilities that are promoted over YouTube and SEO (search engine optimization) poisoning.

WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems.

How AI & Quantum Computing Will Transform Zero Trust Cybersecurity

By Chuck Brooks, president of Brooks Consulting International and one of Executive Mosaic’s GovCon Experts

In Zero Trust cybersecurity protocols there is no implicit trust of identity or privilege – inside or outside the network perimeter, and every person, device, application and transaction must be continuously verified.

Zero Trust is an adaptive framework, and it has to be in today’s digital ecosystem. Emerging technologies such as artificial intelligence and quantum computing are no longer merely enablers but core disruptors. They broaden attack surfaces, but also offer significant defenses, and call for a rethinking of Zero Trust systems.

OpenAI’s quiet co-founder steps out

OpenAI co-founder Wojciech Zaremba doesn’t do many interviews.

We recently spoke about why he moved over to help run the company’s nonprofit arm.

His reaction to Anthropic speaking alongside the Pope: “I have more bias towards doing. Let’s actually solve the problems, and let’s speak about the exact plan.”


Wojciech Zaremba recently bought a copy of “House on Fire,” a 2011 memoir by epidemiologist William Foege about the campaign that wiped smallpox off the planet. He’s using it as a guidebook for executing what is about to become one of the largest philanthropic efforts of all time.

Zaremba is one of OpenAI’s least well-known co-founders. He has spent more than a decade at the company across a range of efforts, from leading its early robotics efforts to starting the team that guides OpenAI’s personality and what became reasoning models. In March, he left the frontier research world to run AI “resilience” at OpenAI’s nonprofit foundation.

Zaremba and I spoke ahead of a post that the OpenAI Foundation published Monday morning titled “Resilience in the Age of AI,” which names four areas it will initially fund: biosecurity, cybersecurity, model safety, and AI’s effect on kids. After $100 million for fighting Alzheimer’s with AI in April and $250 million for researching “economic futures” last week, the initial $25 billion grant machine Zaremba helps oversee is spinning up.

A retention-aware system turns a computer’s storage chip into a cybersecurity shield

Hackers are ruthless. They can take control of your computer, delete files and disappear without a trace. However, FIU cybersecurity researcher Weidong Zhu has discovered a way to transform a computer’s storage chip into an additional tool for cyber defense. Working with collaborators at the University of Florida, Zhu created a system that makes data on these chips last longer—extending the lifespan of your files in the critical window after your computer is compromised. The work is published in the journal Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security.

“Our system extends recoverable data history up to 126 days,” said Zhu, an assistant professor at FIU’s Knight Foundation School of Computing & Information Sciences whose work is part of the Center for Integrated Security, Privacy, and Trustworthy AI (CIERTA). “Even if your computer is infected, your data can survive on your drive.”

Storage chips, known as solid-state drives (SSDs), have intrigued cybersecurity researchers for years. As hardware—not software—they offer unique safety benefits during an attack.

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks.

The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least 17 million infected devices. More than 200 servers located in the Netherlands acted as the platform’s backend infrastructure.

According to a statement issued by the NCSC, police officials seized a subset of these servers from a hosting provider that provided the infrastructure. The provider is said to have subsequently taken the botnet offline following its use for criminal purposes.

Critical Windows Netlogon RCE flaw now exploited in attacks

The Centre for Cybersecurity Belgium (CCB), the country’s national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks.

Netlogon is a remote procedure call (RPC) interface and a core Microsoft Windows Server background service that authenticates services and users on Windows domain-based networks.

Microsoft patched this vulnerability (CVE-2026-41089) during the May 2026 Patch Tuesday, describing it as a stack-based buffer overflow in Windows Netlogon that allows attackers without privileges to gain remote code execution on targeted domain controllers.

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.

The threat actor used invisible Unicode characters to encode a payload that builds a URL to a malicious script. By leveraging Valve’s platform, the attacker avoids maintaining a separate C2 infrastructure and evades traditional detection methods.

Since the campaign was first uncovered in July 2025, GoDaddy security engineers have found malware on approximately 1,980 WordPress websites.

ChatGPT share links abused to host fake outage pages to deliver malware

Threat actors are abusing ChatGPT’s content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application.

The “LLMShare” campaign, discovered by Push Security, uses Google ads to direct users searching for ChatGPT to a malicious shared ChatGPT page hosted on chatgpt.com, allowing the attack to be delivered through a legitimate OpenAI domain.

Users who click the advertisement are taken to a legitimate ChatGPT shared page, but instead of seeing a chat conversation, they are presented with a rendered outage notice claiming the web version is unavailable and that they should download the desktop application instead.
