Cryptography

Hitachi Energy GMS600 versions 1.3.0–1.3.1 vulnerable to OpenSSL timing attack (CVE-2022-4304)

RetoSwap loses 7,000 XMR ($2.7M) due to Haveno protocol vulnerability.

Microsoft acknowledges YellowKey BitLocker bypass vulnerability and releases mitigations.

OHNO crypto trading platform allegedly breached, exposing Telegram IDs, wallets, and private keys.

Kaspersky reports 2026 ransomware trends: EDR killers rising, shift to encryptionless extortion, post-quantum crypto

TrickMo Android banker adopts TON blockchain for covert C2 communications in European campaigns.

MAXHUB Pivot client application CVE-2026-6411 uses hardcoded AES key allowing email disclosure

ABB B&R Automation Studio certificate validation flaw allows server spoofing.

DigiCert breach compromised certificate issuance infrastructure via screensaver exploit.

Telegram Mini Apps abused in large-scale FEMITBOT operation for crypto scams and Android malware distribution.

Litecoin zero-day bug causes DoS attack on mining pools via invalid MWEB transactions.

LabsSentinel discovers fast16, a state-grade sabotage framework from 2005, predating Stuxnet by five years.

Kyber ransomware targets Windows and VMware ESXi with post-quantum encryption claims.

Microsoft patches critical ASP.NET Core privilege escalation bug CVE-2026-40372 with CVSS 9.1

Lazarus Group blamed for $290M Kelp DAO crypto heist via LayerZero DVN compromise.

Lazarus Group steals $290M from KelpDAO DeFi protocol via compromised cross-chain verification.

Sanctioned Grinex cryptocurrency exchange loses $13.74M in hack, blames Western intelligence agencies.

Quantum computing threat spurs urgent global migration to post-quantum cryptography standards.

Critical wolfSSL flaw CVE-2026-5194 allows certificate forgery across 5B devices; patch to 5.9.1 released.

Critical wolfSSL cryptographic validation flaw allows forged certificate acceptance via weak ECDSA signatures.

Threat actor sells phishing suite mimicking Ledger wallet to steal crypto credentials.

Google accelerates quantum-resistant encryption migration as research suggests quantum computers could break classical

M6PLUS Bluetooth protocol lacks replay protection; POC released for CVE-2026-4583.

Seven vulnerabilities patched in OpenSSL, including moderate-severity data leakage flaw.

Android security updates patch critical DoS flaw and high-severity StrongBox keystore vulnerability.

Hong Kong police gain power to force encryption key disclosure under National Security Law.

Hong Kong police gain legal power to compel encryption key disclosure.

SparkCat malware variant found on iOS and Android app stores steals crypto wallet recovery phrases.

REF1695 operation deploys RATs and crypto miners via ISO file lures since November 2023.

Google commits to quantum-safe cryptography migration by 2029.

Google accelerates post-quantum cryptography migration to 2029 amid faster quantum computing progress.

Weekly threat roundup covers PQC migration, AI vuln hunting, Sandworm backdoors, crypto wallet scams, and phishing kits.

Google accelerates post-quantum encryption migration timeline from 2035 to 2029.

Torg Grabber infostealer malware targets 728 crypto wallets and 850 browser extensions.

GlassWorm malware evolves with Solana dead drops, RAT, and hardware wallet phishing.

Fake OpenClaw token giveaway phishing campaign targets GitHub developers to drain crypto wallets.

Phishing campaign targets French enterprises with fake resumes to deploy crypto miners and credential stealers.