
Instagram users locked out after Meta AI abused to steal accounts

Multiple Instagram users had their accounts hijacked after attackers convinced Meta’s AI-powered support tools that they were the legitimate owners.

In many cases, impacted users are unable to recover access due to the platform’s use of automated assistance that involves only AI/chatbot loops and no human support agents.

On Monday, multiple holders of rare and high-value accounts reported suddenly losing access to their accounts, claiming that their identities had been verified via facial scans and that they had enabled safeguards such as two-factor authentication (2FA).

Critical Kirki flaw exploited to hijack WordPress admin accounts

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.

The attacks were detected by WordPress security firm Defiant, whose Wordfence firewall blocked over 222 attempts against its customers in the past 24 hours.

The full name of the plugin is Kirki — Freeform Page Builder, Website Builder & Customizer. It is a freeform visual builder and advanced theme customizer active on more than 500,000 websites.

AI and ultralow-energy lasers enable an ultrafast authentication system

The security of modern communications heavily relies on systems that can rapidly and reliably verify users and the devices they are using. This process, known as authentication, essentially entails confirming that users or devices are legitimate (i.e., who or what they claim to be).

Conventional authentication systems rely on static cryptographic keys, fixed digital keys that allow encryption algorithms to scramble readable data into unreadable texts or vice versa. While these systems perform well in some contexts, they often struggle when networks include billions of devices that continuously connect and disconnect.

Researchers at King Abdullah University of Science and Technology (KAUST) recently developed a new system that could authenticate devices faster and more reliably in real time, even when they are connecting to large-scale networks, cloud services or virtual environments.

Quantum computing could transform energy grid optimization and security

Modern power systems are rapidly evolving into highly digitized smart grids, increasing their complexity at an unprecedented pace. Renewables, batteries, electric vehicles, power electronics, sensors and real-time control systems are all expanding rapidly, and this is making electricity grids significantly harder to simulate, optimize, secure and operate.

This is driven by the increasing energy demands of a tech-driven modern world. Think of a suburban street in 2005—every house pulled electricity from the grid, and power flowed in one direction from big power stations.

This same street in 2026 might have houses with rooftop solar exporting power back into the grid; electric vehicles (EVs) that need to charge overnight; home batteries storing solar energy and feeding it back into the grid when prices spike; electric busses, electric irrigation pumps, automated machinery and smart appliances that turn on and off based on grid signals.

Google Chrome adds session cookie theft protection for all users

Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers.

Available in beta since April, DBSC was first announced in 2024 as a way to cryptographically bind session cookies to a specific device, preventing hackers from using such stolen cookies to bypass multi-factor authentication (MFA) and hijack users’ accounts.

DBSC works by cryptographically linking user sessions to the hardware, such as their computer’s security chip (e.g., the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS).

US charges Google security engineer with Polymarket insider trading

A Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market.

36-year-old Michele Spagnuolo, an Italian citizen residing in Switzerland and a Google employee since 2014, appeared on Wednesday in the Southern District of New York.

In parallel, the Commodity Futures Trading Commission (CFTC) filed a separate civil complaint the same day, seeking restitution, disgorgement, civil monetary penalties, and trading and registration bans.

Ann Cavoukian: We have to protect privacy globally or we protect it nowhere!

I recorded this interview 13 years ago.

It should feel dated by now. It doesn’t. It feels like a prophecy.

Back in 2013, Dr. Ann Cavoukian sat down with me as the Information and Privacy Commissioner of Ontario and the mind behind Privacy by Design. She told me privacy was not dead. She told me security and freedom were not a trade-off. She told me metadata reveals more about you than the content ever could.

Then she said something I have never been able to shake:

“We have to protect privacy globally, or we protect it nowhere.”

Think about where we are now. Surveillance is the business model. Your data trains systems you will never see. The “nothing to hide” crowd got louder, and the borders she warned about got thinner. She saw all of it coming.
