[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag:cryptography":3},{"tag":4,"articles":8,"awareness":403,"events":404,"tips":418,"focus_items":419,"total_count":420},{"slug":5,"name":6,"description":7},"cryptography","Cryptography","Encryption, quantum threats, protocol weaknesses",[9,18,27,36,45,54,63,71,79,87,96,104,113,122,131,140,149,158,167,176,185,194,203,212,221,230,238,245,254,263,272,280,289,298,307,316,325,334,342,350,358,366,372,380,387,395],{"id":10,"title":11,"slug":12,"brief":13,"ai_summary":14,"url":15,"image_url":16,"published_at":17},"e3a6e55a-7d15-4999-9554-0ccce67f8b71","Hitachi Energy GMS600","hitachi-energy-gms600-6701cd","Hitachi Energy GMS600 versions 1.3.0–1.3.1 vulnerable to OpenSSL timing attack (CVE-2022-4304)","Hitachi Energy GMS600 grid management system versions 1.3.0 and 1.3.1 are affected by CVE-2022-4304, a timing-based side-channel vulnerability in OpenSSL's RSA decryption implementation. An attacker with network access can recover encrypted pre-master secrets and decrypt TLS application data through a Bleichenbacher-style attack. Hitachi recommends immediate upgrade to version 1.3.2.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-141-01",null,"2026-05-21T12:00:00+00:00",{"id":19,"title":20,"slug":21,"brief":22,"ai_summary":23,"url":24,"image_url":25,"published_at":26},"ab7e053e-2f59-47a1-90df-06a9bd2e8fd6","RetoSwap has been drained of 7,000 XMR ($2.7 Million) after a flaw in the Haveno protocol. https:...","retoswap-has-been-drained-of-7-000-xmr-2-7-million-after-a-flaw-in-the-haveno-pr-5e983d","RetoSwap loses 7,000 XMR ($2.7M) due to Haveno protocol vulnerability.","RetoSwap, a cryptocurrency exchange or trading platform, suffered a significant loss of 7,000 Monero (XMR) valued at approximately $2.7 million following the exploitation of a flaw in the Haveno protocol. The incident highlights critical security issues in decentralized exchange infrastructure and protocol design.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2057244918901342436","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIzM2VOWMAAncHE.jpg","2026-05-20T23:39:45+00:00",{"id":28,"title":29,"slug":30,"brief":31,"ai_summary":32,"url":33,"image_url":34,"published_at":35},"08dfd853-ea12-45b3-861c-914ee4bfbfdb","Microsoft acknowledges the YellowKey BitLocker bypass vulnerability and releases mitigations\n\nhtt...","microsoft-acknowledges-the-yellowkey-bitlocker-bypass-vulnerability-and-releases-f12b1d","Microsoft acknowledges YellowKey BitLocker bypass vulnerability and releases mitigations.","Microsoft has publicly acknowledged a BitLocker encryption bypass vulnerability tracked as YellowKey and released mitigations to address the flaw. The vulnerability allows attackers to bypass BitLocker's encryption protections under certain conditions. Microsoft's response includes patches and guidance for affected users.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2057125717373075843","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIxg7WNWAAAYFTV.png","2026-05-20T15:46:05+00:00",{"id":37,"title":38,"slug":39,"brief":40,"ai_summary":41,"url":42,"image_url":43,"published_at":44},"3c489d96-a964-4031-aa20-ee13ab5d9e64","‼️OHNO allegedly breached exposing Telegram user IDs, crypto wallets, and private keys from the o...","ohno-allegedly-breached-exposing-telegram-user-ids-crypto-wallets-and-private-ke-5e265b","OHNO crypto trading platform allegedly breached, exposing Telegram IDs, wallets, and private keys.","A threat actor claims to have breached OHNO, a Telegram-based on-chain trading automation platform, and leaked sensitive user data including Telegram user IDs, cryptocurrency wallet addresses, and private keys. The breach exposes users to direct theft of crypto assets and account takeover risks. OHNO provides bot services for automated trading through Telegram.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054294823868252504","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIJSP99WAAA277j.jpg","2026-05-12T20:17:07+00:00",{"id":46,"title":47,"slug":48,"brief":49,"ai_summary":50,"url":51,"image_url":52,"published_at":53},"2a12f9e3-d377-4673-99fe-2063c05f6a9c","State of ransomware in 2026","state-of-ransomware-in-2026-75f428","Kaspersky reports 2026 ransomware trends: EDR killers rising, shift to encryptionless extortion, post-quantum crypto","Kaspersky's annual ransomware report reveals key 2026 trends including the widespread adoption of EDR killer tools for defense evasion, a strategic shift toward encryptionless extortion as ransom payment rates decline to 28%, and emerging ransomware families leveraging post-quantum cryptography like PE32's ML-KEM implementation. The threat landscape shows continued industrialization through Access-as-a-Service models while traditional encryption-based attacks remain prevalent, particularly in manufacturing where losses exceeded $18 billion in early 2025.","https:\u002F\u002Fsecurelist.com\u002Fstate-of-ransomware-in-2026\u002F119761\u002F","https:\u002F\u002Fmedia.kasperskycontenthub.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F43\u002F2026\u002F05\u002F08142445\u002FSL-ransomware-report-2026-featured-scaled.jpg","2026-05-12T07:00:04+00:00",{"id":55,"title":56,"slug":57,"brief":58,"ai_summary":59,"url":60,"image_url":61,"published_at":62},"832dc592-b7b7-46f3-b357-1412cb745d40","TrickMo Android banker adopts TON blockchain for covert comms","trickmo-android-banker-adopts-ton-blockchain-for-covert-comms-fc9693","TrickMo Android banker adopts TON blockchain for covert C2 communications in European campaigns.","A new variant of TrickMo Android banking malware (Trickmo.C) discovered by ThreatFabric uses The Open Network (TON) blockchain for command-and-control communications, making it harder to detect and take down. The malware, disguised as TikTok or streaming apps, targets banking and cryptocurrency wallets of users in France, Italy, and Austria. The variant adds network tools (curl, SSH, SOCKS5 proxy) and uses an embedded local TON proxy with encrypted .ADNL addresses to evade traditional domain-based takedowns.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Ftrickmo-android-banker-adopts-ton-blockchain-for-covert-comms\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2024\u002F01\u002F31\u002Fimage_(2).jpg","2026-05-11T09:03:02+00:00",{"id":64,"title":65,"slug":66,"brief":67,"ai_summary":68,"url":69,"image_url":16,"published_at":70},"564f3759-ebef-4711-8dd4-04f20e63411f","MAXHUB Pivot Client Application","maxhub-pivot-client-application-cd5929","MAXHUB Pivot client application CVE-2026-6411 uses hardcoded AES key allowing email disclosure","CISA released ICS Advisory ICSA-26-127-01 detailing CVE-2026-6411 in MAXHUB Pivot client application versions prior to v1.36.2. The vulnerability stems from a hardcoded AES encryption key that allows attackers to decrypt tenant email addresses and metadata, with a CVSS 3.1 score of 7.3 (HIGH). Additionally, attackers can perform denial-of-service attacks by enrolling unauthorized devices via MQTT.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-127-01","2026-05-07T12:00:00+00:00",{"id":72,"title":73,"slug":74,"brief":75,"ai_summary":76,"url":77,"image_url":16,"published_at":78},"fa3ff5bf-3e3e-4f3f-a7bb-7fbe80c0dcce","ABB B&R Automation Studio","abb-b-r-automation-studio-71bd29","ABB B&R Automation Studio certificate validation flaw allows server spoofing.","ABB B&R Automation Studio versions before 6.5 contain an improper certificate validation vulnerability (CVE-2025-11043) in OPC-UA and ANSL over TLS clients that allows unauthenticated attackers on the network to spoof trusted servers and intercept data exchanges. The vulnerability has a CVSS score of 7.4 (HIGH) and affects critical manufacturing infrastructure worldwide. A patch is available in version 6.5, and ABB recommends immediate deployment.","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-125-04","2026-05-05T12:00:00+00:00",{"id":80,"title":81,"slug":82,"brief":83,"ai_summary":84,"url":85,"image_url":16,"published_at":86},"96793069-9619-4790-8398-bd4bd80bf560","When a Screensaver Cracked the Internet's Trust Layer: Inside the DigiCert Hack\n\nhttps:\u002F\u002Ft.co\u002FLCp...","when-a-screensaver-cracked-the-internet-s-trust-layer-inside-the-digicert-hack-h-e46076","DigiCert breach compromised certificate issuance infrastructure via screensaver exploit.","A breach of DigiCert's systems exploited a screensaver vulnerability to gain unauthorized access to certificate issuance infrastructure. The incident undermined trust in the public key infrastructure by allowing potential issuance of fraudulent SSL\u002FTLS certificates. This supply-chain attack targeted a critical Internet trust provider, affecting all entities relying on DigiCert-issued certificates.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2051366108117053843","2026-05-04T18:19:27+00:00",{"id":88,"title":89,"slug":90,"brief":91,"ai_summary":92,"url":93,"image_url":94,"published_at":95},"1d9dc995-0aca-4444-bb35-76abc4bff2b1","Telegram Mini Apps abused for crypto scams, Android malware delivery","telegram-mini-apps-abused-for-crypto-scams-android-malware-delivery-78a60b","Telegram Mini Apps abused in large-scale FEMITBOT operation for crypto scams and Android malware distribution.","Cybersecurity researchers uncovered FEMITBOT, a large-scale fraud platform exploiting Telegram's Mini App feature to conduct cryptocurrency scams, impersonate major brands (Apple, NVIDIA, Disney, etc.), and distribute Android malware. The operation uses a shared backend infrastructure with phishing bots that display fake investment dashboards within Telegram's WebView, employing urgency tactics and advance-fee scam mechanics. Victims are tricked into deposits or referrals, while malicious Android APKs are distributed disguised as legitimate applications.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Ftelegram-mini-apps-abused-for-crypto-scams-android-malware-delivery\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2021\u002F12\u002F08\u002FTelegram_headpic.jpg","2026-05-03T14:11:21+00:00",{"id":97,"title":98,"slug":99,"brief":100,"ai_summary":101,"url":102,"image_url":16,"published_at":103},"6ac47bd1-195c-4dac-941d-e088fb63fa4d","🚨 Litecoin has confirmed a zero-day bug caused a DoS attack that disrupted major mining pools. N...","litecoin-has-confirmed-a-zero-day-bug-caused-a-dos-attack-that-disrupted-major-m-b4cc9c","Litecoin zero-day bug causes DoS attack on mining pools via invalid MWEB transactions.","Litecoin disclosed a zero-day vulnerability that enabled a denial-of-service attack against major mining pools through acceptance of invalid MWEB (MimbleWimble Extension Block) transactions by non-updated nodes. The attack resulted in coins being pegged out to third-party decentralized exchanges, but a 13-block reorganization reversed the invalid transactions, preventing their inclusion in the main chain.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2048148408750223595","2026-04-25T21:13:28+00:00",{"id":105,"title":106,"slug":107,"brief":108,"ai_summary":109,"url":110,"image_url":111,"published_at":112},"3b76cc85-a073-4ee9-b4de-1009bb4514be","⚠️ The history of cyberwar just got rewritten. 🔬 @LabsSentinel has discovered fast16 — a state-g...","the-history-of-cyberwar-just-got-rewritten-labssentinel-has-discovered-fast16-a--396c4a","LabsSentinel discovers fast16, a state-grade sabotage framework from 2005, predating Stuxnet by five years.","Security researchers at LabsSentinel have uncovered fast16, a sophisticated state-sponsored sabotage framework dating back to 2005—five years before the Stuxnet disclosure. The discovery reveals advanced cyber capabilities targeting critical infrastructure including nuclear programs, advanced physics research, and cryptographic systems. This finding reshapes the historical timeline of nation-state cyberwarfare and suggests earlier state involvement in critical infrastructure targeting than previously documented.","https:\u002F\u002Fx.com\u002FSentinelOne\u002Fstatus\u002F2047735383878975806","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHGsEBW9a0AA_LDH.jpg","2026-04-24T17:52:15+00:00",{"id":114,"title":115,"slug":116,"brief":117,"ai_summary":118,"url":119,"image_url":120,"published_at":121},"ecc257e7-3db4-4307-b7f2-92663ce3bcab","Kyber ransomware gang toys with post-quantum encryption on Windows","kyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows-5ffe18","Kyber ransomware targets Windows and VMware ESXi with post-quantum encryption claims.","A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints, with variants deployed simultaneously across victim networks. While the Windows variant genuinely implements Kyber1024 post-quantum encryption for key protection paired with AES-CTR for file encryption, the Linux ESXi variant falsely advertises post-quantum capabilities but actually uses ChaCha8 and RSA-4096. Rapid7 analyzed both variants during a March 2026 incident response involving a major US defense contractor, finding the Windows variant more technically mature and designed to eliminate multiple data recovery paths.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fkyber-ransomware-gang-toys-with-post-quantum-encryption-on-windows\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F02\u002F12\u002Fransomware-3.jpg","2026-04-22T18:52:29+00:00",{"id":123,"title":124,"slug":125,"brief":126,"ai_summary":127,"url":128,"image_url":129,"published_at":130},"1c208ef6-d725-4f43-a50d-53dabeebe2dd","Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug","microsoft-patches-critical-asp-net-core-cve-2026-40372-privilege-escalation-bug-b5c0f3","Microsoft patches critical ASP.NET Core privilege escalation bug CVE-2026-40372 with CVSS 9.1","Microsoft released out-of-band updates to fix CVE-2026-40372, a critical privilege escalation vulnerability in ASP.NET Core that allows attackers to gain SYSTEM privileges through improper cryptographic signature verification. The flaw affects Microsoft.AspNetCore.DataProtection versions 10.0.0-10.0.6 on non-Windows systems and has been resolved in version 10.0.7. Exploitation enables attackers to forge authentication payloads, decrypt protected cookies, and issue legitimately-signed tokens unless the DataProtection key ring is rotated after patching.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Fmicrosoft-patches-critical-aspnet-core.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEiYMuDYXH3vQ6ycJCKfikptBR0jdQdnf-s36gDb0LYx3gvMwQOQLrt072KY5GZ0T2GRhyphenhyphenrfIg5qcCqjE0J_PtKQ1P409j_veWwKYoGsGssQcTotxI2-Dl8akDSyPif_j4LgFL3kWI6pvWKX5QBjsnIZIHdFzlAIRgxspuS4W0Ywe-Z63zmIyL7X39CG_3Ng\u002Fs1600\u002Fdotnet.jpg","2026-04-22T09:29:00+00:00",{"id":132,"title":133,"slug":134,"brief":135,"ai_summary":136,"url":137,"image_url":138,"published_at":139},"a81c840e-1723-4e1f-a111-4c1dc4bf6ac2","$290 Million Kelp DAO Crypto Heist Blamed on North Korea","290-million-kelp-dao-crypto-heist-blamed-on-north-korea-40007c","Lazarus Group blamed for $290M Kelp DAO crypto heist via LayerZero DVN compromise.","North Korea-linked Lazarus Group's TraderTraitor subgroup orchestrated a $290 million cryptocurrency theft from Kelp DAO by compromising LayerZero's Decentralized Verifier Network (DVN) infrastructure. The attackers poisoned two remote procedure calls (RPCs) and used DDoS attacks to force failover to malicious nodes, allowing forged cross-chain messages. The incident exposed the risks of single-DVN configurations and triggered cascading failures across DeFi protocols, including an $8 billion liquidity crisis at Aave.","https:\u002F\u002Fwww.securityweek.com\u002F290-million-kelp-dao-crypto-heist-blamed-on-north-korea\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F01\u002FNorth-Korea-hacking.jpeg","2026-04-21T10:02:09+00:00",{"id":141,"title":142,"slug":143,"brief":144,"ai_summary":145,"url":146,"image_url":147,"published_at":148},"c37c5d4e-79a0-436f-96e6-2c0a9a9b770c","KelpDAO suffers $290 million heist tied to Lazarus hackers","kelpdao-suffers-290-million-heist-tied-to-lazarus-hackers-780e49","Lazarus Group steals $290M from KelpDAO DeFi protocol via compromised cross-chain verification.","North Korean state-sponsored hackers affiliated with the Lazarus Group, specifically the TraderTraitor subgroup, executed a $290 million theft from KelpDAO on April 18, 2026, by compromising RPC nodes used in cross-chain message validation and DDoS-ing healthy nodes to force reliance on poisoned data. The attack enabled unauthorized transfer of 116,500 rsETH tokens, which were laundered through Tornado Cash. The incident affected downstream protocols including Compound, Euler, and Aave, which froze rsETH collateral.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fkelpdao-suffers-290-million-heist-tied-to-lazarus-hackers\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2023\u002F12\u002F01\u002FHackers_crypto.jpg","2026-04-20T22:23:52+00:00",{"id":150,"title":151,"slug":152,"brief":153,"ai_summary":154,"url":155,"image_url":156,"published_at":157},"4bfe1ddc-b7bd-4cd4-b488-87dfe99ecfc6","$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims","13-74m-hack-shuts-down-sanctioned-grinex-exchange-after-intelligence-claims-0deea6","Sanctioned Grinex cryptocurrency exchange loses $13.74M in hack, blames Western intelligence agencies.","Grinex, a Kyrgyzstan-based cryptocurrency exchange sanctioned by the U.S. and U.K. for money laundering ties to ransomware and darknet markets, suffered a $13.74 million breach on April 15, 2026. The exchange claims the attack bore hallmarks of state-sponsored involvement and has suspended operations. Blockchain analysts identified ~70 wallet addresses involved, with stolen USDT quickly converted to non-freezable tokens; however, some analysts suggest the incident may be a false-flag operation given Grinex's heavily sanctioned status and known obfuscation techniques.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002F1374m-hack-shuts-down-sanctioned-grinex.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEhPcUvJCFRqDmEr1ZDSaUJCAymmKwZOeXdmfPY6Eekp7tLOpqjXLKHilHOHlNyuxmennQE8H5oxuRTaCncC8hsoGYEloD8OrDlR1wpbxGivBBB7KdVX8kiv_pOzC6GQ7LNPKoJGkFklpW0XutuLRPjl3I5cPta1n-BqVyAdO1luW3EUR8jyiZEtVjVTGWUK\u002Fs1600\u002Fgrinex.jpg","2026-04-18T07:59:00+00:00",{"id":159,"title":160,"slug":161,"brief":162,"ai_summary":163,"url":164,"image_url":165,"published_at":166},"30742e50-735f-46e1-b4e2-9e5dc24d7ef1","The Race to Quantum-Proof the Internet Has Already Begun","the-race-to-quantum-proof-the-internet-has-already-begun-babed7","Quantum computing threat spurs urgent global migration to post-quantum cryptography standards.","Security experts warn that the transition to post-quantum cryptography is no longer theoretical but actively underway, driven by the \"harvest now, decrypt later\" risk where adversaries collect encrypted data today to decrypt once quantum computers arrive. The article highlights critical challenges including slow adoption of post-quantum standards, the potential breakdown of digital signatures enabling impersonation attacks, and the massive coordination burden of upgrading cryptography globally across trillions of dollars in secured value. Ethereum is noted as one of the few ecosystems actively preparing for this transition, with emerging technologies like Fully Homomorphic Encryption potentially playing a foundational role in next-generation infrastructure.","https:\u002F\u002Fhackread.com\u002Frace-to-quantum-proof-the-internet\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002Frace-to-quantum-proof-the-internet.jpg","2026-04-17T17:44:46+00:00",{"id":168,"title":169,"slug":170,"brief":171,"ai_summary":172,"url":173,"image_url":174,"published_at":175},"d9f23c20-c3f7-4fe5-ba45-37579af4ba01","wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now","wolfssl-vulnerability-hits-iot-routers-and-military-systems-update-to-5-9-1-now-ecd3af","Critical wolfSSL flaw CVE-2026-5194 allows certificate forgery across 5B devices; patch to 5.9.1 released.","A critical vulnerability (CVE-2026-5194) in wolfSSL, a cryptographic library used by approximately 5 billion IoT, router, and military devices, allows attackers to forge digital certificates by bypassing digest and OID verification checks. The flaw affects multiple signature algorithms including ECDSA, DSA, ML-DSA, ED25519, and ED448, and was patched in version 5.9.1 released April 8, 2026. The widespread use of wolfSSL across supply chains creates a major risk, particularly for legacy devices that may never receive updates.","https:\u002F\u002Fhackread.com\u002Fwolfssl-vulnerability-iot-routers-military-systems\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002Fwolfssl-vulnerability-iot-routers-military-systems.jpg","2026-04-14T18:30:42+00:00",{"id":177,"title":178,"slug":179,"brief":180,"ai_summary":181,"url":182,"image_url":183,"published_at":184},"c025e673-a5c6-406f-9f45-7113e51aa746","Critical flaw in wolfSSL library enables forged certificate use","critical-flaw-in-wolfssl-library-enables-forged-certificate-use-8adeaf","Critical wolfSSL cryptographic validation flaw allows forged certificate acceptance via weak ECDSA signatures.","A critical vulnerability (CVE-2026-5194) in the wolfSSL SSL\u002FTLS library allows attackers to forge certificates by exploiting improper verification of hash algorithms and digest sizes in ECDSA signature checking. The flaw affects multiple signature algorithms and impacts billions of embedded devices, IoT systems, and industrial control systems worldwide. wolfSSL patched the issue in version 5.9.1 released April 8, 2026.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcritical-flaw-in-wolfssl-library-enables-forged-certificate-use\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F04\u002F13\u002Fwolfssl.jpg","2026-04-13T19:56:03+00:00",{"id":186,"title":187,"slug":188,"brief":189,"ai_summary":190,"url":191,"image_url":192,"published_at":193},"1ceaf3ad-ba06-4e7d-af69-097dfb8e2a61","‼️ A threat actor is selling a sophisticated phishing suite designed to mimic Ledger cryptocurren...","a-threat-actor-is-selling-a-sophisticated-phishing-suite-designed-to-mimic-ledge-b76311","Threat actor sells phishing suite mimicking Ledger wallet to steal crypto credentials.","A threat actor is offering a sophisticated phishing kit designed to impersonate Ledger cryptocurrency wallet interfaces, capable of harvesting seed phrases and login credentials. The kit features anti-detection mechanisms, keylogging functionality, and Telegram integration for real-time command and control notifications.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2043421679603396974","https:\u002F\u002Fpbs.twimg.com\u002Famplify_video_thumb\u002F2043421411968954368\u002Fimg\u002FFLtPhgs9wWH_Xyf5.jpg","2026-04-12T20:11:08+00:00",{"id":195,"title":196,"slug":197,"brief":198,"ai_summary":199,"url":200,"image_url":201,"published_at":202},"a9011350-945a-4521-a5c5-0a8d0afa1873","Why is the timeline to quantum-proof everything constantly shrinking?","why-is-the-timeline-to-quantum-proof-everything-constantly-shrinking-ce1db1","Google accelerates quantum-resistant encryption migration as research suggests quantum computers could break classical","Google and other tech companies are speeding up migration to post-quantum cryptography following new research indicating quantum computers capable of breaking 256-bit encryption may require only 10,000 qubits rather than millions, potentially operational by decade's end. The accelerated timeline is driven by three factors: hardware advancements (neutral atom arrays), mathematical breakthroughs (improved qubit efficiency), and concerns over Chinese quantum computing leadership. The shift reflects growing consensus around the \"harvest now, decrypt later\" threat, where adversaries collect encrypted data today to decrypt with future quantum computers.","https:\u002F\u002Fcyberscoop.com\u002Fquantum-computing-industry-timeline-threat-accelerating\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2026\u002F04\u002FChina-Quantum-.jpeg","2026-04-09T21:05:40+00:00",{"id":204,"title":205,"slug":206,"brief":207,"ai_summary":208,"url":209,"image_url":210,"published_at":211},"e6a04624-41ab-40dd-bccb-e8c9795194ea","‼️ M6Plus Proof of Concept (POC) CVE-2026-4583 (Missing Replay Protection)\n\nThe M6PLUS Bluetooth...","m6plus-proof-of-concept-poc-cve-2026-4583-missing-replay-protection-the-m6plus-b-fafe5e","M6PLUS Bluetooth protocol lacks replay protection; POC released for CVE-2026-4583.","A proof-of-concept exploit has been released for CVE-2026-4583, which affects the M6PLUS Bluetooth protocol. The vulnerability stems from missing cryptographic authentication and reliance on a trivial single-byte XOR checksum for integrity verification, allowing attackers to forge or replay messages. The flaw exposes M6PLUS devices to potential unauthorized control and spoofing attacks.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2041951521835733025","https:\u002F\u002Fpbs.twimg.com\u002Famplify_video_thumb\u002F2041951028115836928\u002Fimg\u002FQVN6xktahITFoV23.jpg","2026-04-08T18:49:15+00:00",{"id":213,"title":214,"slug":215,"brief":216,"ai_summary":217,"url":218,"image_url":219,"published_at":220},"06aa5958-ce66-4773-90cf-d9b0bbb52942","Data Leakage Vulnerability Patched in OpenSSL","data-leakage-vulnerability-patched-in-openssl-77539b","Seven vulnerabilities patched in OpenSSL, including moderate-severity data leakage flaw.","OpenSSL released patches for seven vulnerabilities, including CVE-2026-31790, a moderate-severity flaw affecting versions 3.0–3.6 that can leak sensitive data from uninitialized memory buffers when RSASVE key encapsulation fails to verify encryption success. The remaining six flaws are rated low severity, with most causing DoS conditions; two could theoretically lead to remote code execution under uncommon configurations. High-severity vulnerabilities in OpenSSL have become rare, with only one found in 2025.","https:\u002F\u002Fwww.securityweek.com\u002Fdata-leakage-vulnerability-patched-in-openssl\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F10\u002FOpenSSL-communications-traffic.jpg","2026-04-08T15:37:48+00:00",{"id":222,"title":223,"slug":224,"brief":225,"ai_summary":226,"url":227,"image_url":228,"published_at":229},"db8f60cd-6cad-4090-8e8a-b381aa3cd158","Severe StrongBox Vulnerability Patched in Android","severe-strongbox-vulnerability-patched-in-android","Android security updates patch critical DoS flaw and high-severity StrongBox keystore vulnerability.","Google released Android security updates addressing two vulnerabilities: CVE-2026-0049, a critical denial-of-service flaw in Android's Framework component exploitable by local attackers without privileges, and CVE-2025-48651, a high-severity vulnerability in StrongBox (Android's hardware-backed secure keystore) affecting implementations from Google, NXP, STMicroelectronics, and Thales. Neither vulnerability has been exploited in the wild, though technical details of the StrongBox flaw remain undisclosed.","https:\u002F\u002Fwww.securityweek.com\u002Fsevere-strongbox-vulnerability-patched-in-android\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F02\u002FAndroid-update.jpeg","2026-04-07T14:23:51+00:00",{"id":231,"title":232,"slug":233,"brief":234,"ai_summary":235,"url":236,"image_url":16,"published_at":237},"600dcbd7-6854-42a0-b412-e1ccef73e662","Hong Kong Police Can Force You to Reveal Your Encryption Keys - Schneier on Security","hong-kong-police-can-force-you-to-reveal-your-encryption-keys-schneier-on-securi","Hong Kong police gain power to force encryption key disclosure under National Security Law.","Hong Kong authorities expanded enforcement powers under the National Security Law on March 23, 2026, allowing police to demand encryption keys, passwords, and device access assistance from individuals—including airport transits. Refusal to comply is now a criminal offense. Authorities also gained expanded powers to seize personal electronic devices as evidence if allegedly linked to national security offenses.","https:\u002F\u002Fwww.schneier.com\u002Fblog\u002Farchives\u002F2026\u002F04\u002Fhong-kong-police-can-force-you-to-reveal-your-encryption-keys.html","2026-04-07T09:45:51+00:00",{"id":239,"title":240,"slug":241,"brief":242,"ai_summary":243,"url":244,"image_url":16,"published_at":237},"a9af5dff-3bc5-4ced-b67e-7fe7b7ba9ba7","Hong Kong Police Can Force You to Reveal Your Encryption Keys https:\u002F\u002Ft.co\u002FHPa2LFO8Tj","hong-kong-police-can-force-you-to-reveal-your-encryption-keys-https-t-co-hpa2lfo","Hong Kong police gain legal power to compel encryption key disclosure.","Hong Kong authorities have obtained new legal powers enabling police to force individuals to reveal encryption keys or face criminal penalties. This represents a significant expansion of law enforcement capabilities in the territory and raises concerns about privacy and security protections. The move reflects broader trends of governments seeking backdoor access to encrypted communications.","https:\u002F\u002Fx.com\u002Fschneierblog\u002Fstatus\u002F2041452382706647494",{"id":246,"title":247,"slug":248,"brief":249,"ai_summary":250,"url":251,"image_url":252,"published_at":253},"8bcd15f8-1362-4ca2-9fb1-1b20f8c6017a","New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images","new-sparkcat-variant-in-ios-android-apps-steals-crypto-wallet-recovery-phrase-im","SparkCat malware variant found on iOS and Android app stores steals crypto wallet recovery phrases.","Kaspersky researchers discovered a new SparkCat malware variant distributed through legitimate-looking apps on Apple App Store and Google Play Store, targeting cryptocurrency users primarily in Asia. The updated malware uses OCR technology to scan device photo galleries for wallet recovery phrases and transmits them to attacker-controlled servers, with improved obfuscation techniques on Android and broader geographic reach on iOS. The malware's evolution indicates active development by Chinese-speaking threat actors.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Fnew-sparkcat-variant-in-ios-android.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEj2s09d3X9qYABLHP5v1u9iyjRN5p28u6xvnL0qkKR1-s1CsqtIDAWeQCFKQ9S4Mde1ueUmzcjNA9SAzWN-lDWwbmTmmlwbbLkyKx-EJc2-bjhKlEsChsp3iZ6watrZ4I8LJdL_p0vatW4NrXntcs6_xdReGEQJMUCgfAFo-ZfCy_jDsxEZgPMx1T9e1e0L\u002Fs1600\u002Fmobile-wallet-seed.jpg","2026-04-03T09:10:00+00:00",{"id":255,"title":256,"slug":257,"brief":258,"ai_summary":259,"url":260,"image_url":261,"published_at":262},"18770d27-955e-4f26-9ab1-7b69955c684a","Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners","researchers-uncover-mining-operation-using-iso-lures-to-spread-rats-and-crypto-m","REF1695 operation deploys RATs and crypto miners via ISO file lures since November 2023.","Researchers at Elastic Security Labs have documented REF1695, a financially motivated threat group that has been operating since November 2023, distributing remote access trojans (RATs) and cryptocurrency miners through fake ISO installers. The campaign leverages social engineering to bypass Microsoft Defender SmartScreen, deploys the previously undocumented CNB Bot implant, and abuses legitimate Windows kernel drivers (WinRing0x64.sys, Winring0.sys) to optimize CPU settings for mining. The operation has generated approximately 27.88 XMR ($9,392) across tracked wallets and abuses GitHub as a payload delivery CDN to reduce detection friction.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F04\u002Fresearchers-uncover-mining-operation.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEjpKoZinOy6MS9s0nTi1TV12H46KUmgkxu0kGinPE7yyq7Vpo9lmmcz30e5ve0yCk2T0ETCedeV6aXs0iEjI1rOykcXwBPa2a11yb75bjgjad7WKkKgsUAv0lO1tuZ8vVnYZtuiUHKqwM6Z6bxGtheJIhuWW5W6lKjo0FaHZf7ewPO_SFuKAjPKMh_sqDB2\u002Fs1600\u002Fmonero.jpg","2026-04-02T11:42:00+00:00",{"id":264,"title":265,"slug":266,"brief":267,"ai_summary":268,"url":269,"image_url":270,"published_at":271},"04bf48c8-b828-4f96-8119-561fb5a54914","Google Sets 2029 Deadline for Quantum-Safe Cryptography","google-sets-2029-deadline-for-quantum-safe-cryptography","Google commits to quantum-safe cryptography migration by 2029.","Google has announced a 2029 deadline for migrating its infrastructure to post-quantum cryptography (PQC) to safeguard against future quantum computing threats. The move reflects growing industry recognition that cryptographic standards vulnerable to quantum decryption must be replaced before large-scale quantum computers become operational. This timeline aligns with emerging quantum threat assessments and sets a precedent for other major tech companies.","https:\u002F\u002Fwww.darkreading.com\u002Fapplication-security\u002Fgoogle-2029-deadline-quantum-safe-cryptography","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fbltdee69c559f0e21b7\u002F69c58b734754ce06f0ac8aaa\u002Flock_on_laptop_Ales_Utouka_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-03-27T13:00:00+00:00",{"id":273,"title":274,"slug":275,"brief":276,"ai_summary":277,"url":278,"image_url":16,"published_at":279},"22647d88-d134-41f3-9389-1e8aa8942b80","Google Moves Q-Day Estimate to 2029 – Industry Experts Say the Clock Is Already Ticking","google-moves-q-day-estimate-to-2029-industry-experts-say-the-clock-is-already-ti","Google accelerates post-quantum cryptography migration to 2029 amid faster quantum computing progress.","Google announced a 2029 target date for completing its migration to post-quantum cryptography (PQC), significantly ahead of prior NSA (2031) and US government (2035) timelines, citing accelerated progress in quantum hardware, error correction, and factoring estimates. The company highlighted the immediate 'Harvest Now, Decrypt Later' threat where nation-state actors are already exfiltrating encrypted data to decrypt once quantum computers mature, and urged organizations to prioritize PQC for authentication and digital signatures before a cryptographically relevant quantum computer (CRQC) arrives. Industry experts largely affirmed the urgency, emphasizing that the operational risk window is already open and legacy systems, multi-cloud environments, and edge devices pose significant challenges to enterprise migration efforts.","https:\u002F\u002Fwww.itsecurityguru.org\u002F2026\u002F03\u002F27\u002Fgoogle-moves-q-day-estimate-to-2029-industry-experts-say-the-clock-is-already-ticking\u002F?utm_source=rss&utm_medium=rss&utm_campaign=google-moves-q-day-estimate-to-2029-industry-experts-say-the-clock-is-already-ticking","2026-03-27T12:49:59+00:00",{"id":281,"title":282,"slug":283,"brief":284,"ai_summary":285,"url":286,"image_url":287,"published_at":288},"4ab2ecf5-80a7-4351-90dd-f3e9a371361b","ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories","threatsday-bulletin-pqc-push-ai-vuln-hunting-pirated-traps-phishing-kits-20-more","Weekly threat roundup covers PQC migration, AI vuln hunting, Sandworm backdoors, crypto wallet scams, and phishing kits.","ThreatsDay Bulletin aggregates 20+ security stories including Google's accelerated 2029 PQC migration timeline, GitHub's AI-powered vulnerability detection entering Q2 2026 preview, and Sandworm's campaign distributing Tambur\u002FKalambur\u002FSumbur\u002FDemiMur backdoors via pirated software on Telegram. Additional threats include ShieldGuard, a fake crypto wallet security extension that harvests wallet data and sensitive credentials from major platforms like Binance, Coinbase, MetaMask, and OpenSea.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F03\u002Fthreatsday-bulletin-pqc-push-ai-vuln.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEhOuz5FhCwEEsebWV1fHdF2VE-lnNBee6FrzMYsTdEODBsw07F76vTo3-UJKUz7QENWIUU_J7IdNj2vlhZbbdL5Chz6Vt6SyEbIwH-vw3J76SlUT02eZwbGHG5egcJNFeaKBd3sdLrp7egajwLniaeBMwZdXAMv3la2Ywzxin4gLiZK6lHbdPSzUDFCuWHF\u002Fs1600\u002Ftday-main.jpg","2026-03-26T11:45:00+00:00",{"id":290,"title":291,"slug":292,"brief":293,"ai_summary":294,"url":295,"image_url":296,"published_at":297},"9cfaec96-53de-4d0d-9d9c-311c8da35595","Google moves post-quantum encryption timeline up to 2029","google-moves-post-quantum-encryption-timeline-up-to-2029","Google accelerates post-quantum encryption migration timeline from 2035 to 2029.","Google is moving up its timeline for migrating to quantum-resistant encryption from 2035 to 2029, citing faster-than-expected advances in quantum computing hardware, error correction, and factoring resource estimates. The company is implementing NIST-vetted post-quantum cryptography algorithms across its products, systems, and devices, and is calling on other organizations to adopt similar aggressive timelines. This shift reflects growing concerns among U.S. tech leaders about quantum threats and alleged advances by Chinese quantum research labs.","https:\u002F\u002Fcyberscoop.com\u002Fgoogle-moves-post-quantum-encryption-timeline-to-2029\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2025\u002F08\u002FGettyImages-2204630951.jpg","2026-03-25T21:44:14+00:00",{"id":299,"title":300,"slug":301,"brief":302,"ai_summary":303,"url":304,"image_url":305,"published_at":306},"dd8cc5d3-e382-4d9c-81bf-206983d6fe4c","New Torg Grabber infostealer malware targets 728 crypto wallets","new-torg-grabber-infostealer-malware-targets-728-crypto-wallets","Torg Grabber infostealer malware targets 728 crypto wallets and 850 browser extensions.","Torg Grabber is a rapidly evolving infostealer malware that targets 850 browser extensions, including 728 cryptocurrency wallets (MetaMask, Phantom, TrustWallet, Coinbase, Binance, etc.), 103 password managers, and authenticator tools. The malware uses ClickFix clipboard hijacking for initial access and employs sophisticated evasion techniques including App-Bound Encryption bypass, direct syscalls, and reflective loading. Gen Digital researchers identified 334 unique samples compiled between December 2025 and February 2026, with new C2 infrastructure registered weekly and 40 documented operator tags.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fnew-torg-grabber-infostealer-malware-targets-728-crypto-wallets\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2022\u002F09\u002F03\u002Fdata-theft.jpeg","2026-03-25T18:32:37+00:00",{"id":308,"title":309,"slug":310,"brief":311,"ai_summary":312,"url":313,"image_url":314,"published_at":315},"8b1cbf91-f497-450f-a5fd-6234f3408756","GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data","glassworm-malware-uses-solana-dead-drops-to-deliver-rat-and-steal-browser-crypto","GlassWorm malware evolves with Solana dead drops, RAT, and hardware wallet phishing.","Cybersecurity researchers discovered a new variant of the GlassWorm campaign that uses Solana blockchain transactions as dead drop resolvers to deliver a multi-stage malware framework. The attack chain includes a data-theft framework, .NET binary for hardware wallet phishing (Ledger\u002FTrezor), and a JavaScript RAT that steals browser data via a fake Google Docs Offline extension. The campaign continues spreading through compromised npm, PyPI, GitHub, and Open VSX packages, and has expanded into the Model Context Protocol (MCP) ecosystem.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F03\u002Fglassworm-malware-uses-solana-dead.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEhEp3IyImISv7uRuagzygkd4aGvDbrWmOy-xyXMy-VphJQyYgcGzbTtPqlfE9aU4DetBCQh_-EW5S5S-byUu8QScPlK4ZRfuwf7pqHeyEoZRxUTM33qXU4xlHkeVorTunq9aPKr6tRpenSxD2T2m5k1xp1r8LOf3eeIuq6FLNet9FjXescrI5eyMPgd2BY6\u002Fs1600\u002Fforce.jpg","2026-03-25T14:26:00+00:00",{"id":317,"title":318,"slug":319,"brief":320,"ai_summary":321,"url":322,"image_url":323,"published_at":324},"77d44c6b-f7dd-4a9d-8fc5-1ba1cd6b1bc9","Fake OpenClaw Token Giveaway Targets GitHub Devs with Wallet-Draining Scam","fake-openclaw-token-giveaway-targets-github-devs-with-wallet-draining-scam","Fake OpenClaw token giveaway phishing campaign targets GitHub developers to drain crypto wallets.","OX Security discovered a phishing campaign targeting GitHub developers using fake OpenClaw token giveaways worth $5,000. Attackers create fraudulent accounts, tag developers in discussion threads, and redirect victims to a cloned website (token-claw.xyz) that drains connected crypto wallets via MetaMask, Trust Wallet, OKX, and Bybit. The malicious infrastructure includes a JavaScript 'nuke' function designed to delete theft evidence from browser storage.","https:\u002F\u002Fhackread.com\u002Ffake-openclaw-token-github-devs-wallet-drainer-scam\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F03\u002Ffake-openclaw-token-github-devs-wallet-drainer-scam.jpg","2026-03-25T12:14:23+00:00",{"id":326,"title":327,"slug":328,"brief":329,"ai_summary":330,"url":331,"image_url":332,"published_at":333},"3ac00f94-e45a-44c0-aab6-14dee76544cf","Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner","hackers-use-fake-resumes-to-steal-enterprise-credentials-and-deploy-crypto-miner","Phishing campaign targets French enterprises with fake resumes to deploy crypto miners and credential stealers.","A sophisticated phishing campaign named FAUX#ELEVATE is targeting French-speaking corporate environments using obfuscated VBScript files disguised as resume documents. Once executed, the malware deploys a multi-stage toolkit that steals browser credentials, exfiltrates data, and mines Monero cryptocurrency, completing the full infection chain in approximately 25 seconds. The attack abuses legitimate services like Dropbox, compromised WordPress sites for C2 hosting, and mail.ru SMTP infrastructure to evade detection.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F03\u002Fhackers-use-fake-resumes-to-steal.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEjbL1vWsuHhVXpRJ6YeAB7bUhrZmz7Ba3LRQ7MsrXsIVCXfxCMUs4nedbI26D5FpMqQ0uL6APhIlu12GJdDMWZ9AbGiz7qu5gUinMjsmh6yxiuqZvUzSrzj7Iy-Ax4UoCl1BZAGb6kRE_XPaTbmKHK6zTvsRWWeNcrhh4toMR5Fi2o4et0H938i6UPN1r8M\u002Fs1600\u002Fmalware-resume.jpg","2026-03-24T16:35:00+00:00",{"id":335,"title":336,"slug":337,"brief":16,"ai_summary":338,"url":339,"image_url":340,"published_at":341},"bdcf90ba-305f-4c67-8281-8d8c88bb227b","The Danger Behind Meta’s Decision to Kill End-to-End Encrypted Instagram DMs","the-danger-behind-meta-s-decision-to-kill-end-to-end-encrypted-instagram-dms","Meta is removing end-to-end encryption from Instagram Direct Messages on May 8, citing low user adoption of the opt-in feature—a decision experts view as hypocritical given Meta's years-long public commitment to default encryption. Security researchers warn the move sets a dangerous precedent that could embolden other tech companies to weaken privacy protections and give governments further justification for surveillance expansion.","https:\u002F\u002Fwww.wired.com\u002Fstory\u002Fthe-danger-behind-metas-decision-to-kill-end-to-end-encrypted-instagram-dms\u002F","https:\u002F\u002Fmedia.wired.com\u002Fphotos\u002F69b983df93d7de0b35f1edaf\u002Fmaster\u002Fpass\u002F031726-meta-instagram-encryption-end-2.jpg","2026-03-20T10:00:00+00:00",{"id":343,"title":344,"slug":345,"brief":16,"ai_summary":346,"url":347,"image_url":348,"published_at":349},"e99fce7f-0e95-4b69-98aa-98efd4f432a0","Critical ScreenConnect Vulnerability Exposes Machine Keys","critical-screenconnect-vulnerability-exposes-machine-keys","ConnectWise patched CVE-2026-3564, a critical vulnerability (CVSS 9.0) in ScreenConnect that exposed machine keys used for session authentication due to unencrypted storage in configuration files. The flaw could allow attackers to access cryptographic material, elevate privileges, and compromise servers; version 26.1 adds encrypted storage and management of machine keys.","https:\u002F\u002Fwww.securityweek.com\u002Fcritical-screenconnect-vulnerability-exposes-machine-keys\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F02\u002FConnectWise.jpeg","2026-03-19T17:40:03+00:00",{"id":351,"title":352,"slug":353,"brief":16,"ai_summary":354,"url":355,"image_url":356,"published_at":357},"17c56bb4-ab44-4d6b-b37b-7a45cefd1225","ConnectWise patches new flaw allowing ScreenConnect hijacking","connectwise-patches-new-flaw-allowing-screenconnect-hijacking","ConnectWise released a patch for CVE-2026-3564, a critical cryptographic signature verification vulnerability in ScreenConnect that allows attackers to extract ASP.NET machine keys and achieve unauthorized access and privilege escalation. The flaw affects versions before 26.1, and while no confirmed active exploitation has been observed by ConnectWise, researchers have reported attempts to abuse disclosed machine key material in the wild. On-premises administrators must upgrade immediately, while cloud users have been automatically patched.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fconnectwise-patches-new-flaw-allowing-screenconnect-hijacking\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F05\u002F29\u002Fconnectwise-logo.jpg","2026-03-18T18:10:35+00:00",{"id":359,"title":360,"slug":361,"brief":16,"ai_summary":362,"url":363,"image_url":364,"published_at":365},"9cede952-47d3-4da4-b719-c4259c50a1a5","Sector Drainer Advertised as Crypto Wallet Drainer-as-a-Service With 0-Day Phantom Bypass, Hidden Drain, and Autowithdraw Capabilities","sector-drainer-advertised-as-crypto-wallet-drainer-as-a-service-with-0-day-phant-2","SectorD is advertising Sector Drainer, a drainer-as-a-service platform offering 0-day Phantom wallet exploits, scam warning bypasses, and turnkey phishing infrastructure targeting 150+ cryptocurrency wallets. The operation claims over $4M in team profits since 2024, with an 80\u002F20 revenue-share model and capabilities to drain tokens, NFTs, and DeFi positions across multiple blockchain networks.","https:\u002F\u002Fdarkwebinformer.com\u002Fsector-drainer-advertised-as-crypto-wallet-drainer-as-a-service-with-0-day-phantom-bypass-hidden-drain-and-autowithdraw-capabilities\u002F","https:\u002F\u002Fdarkwebinformer.com\u002Fcontent\u002Fimages\u002F2026\u002F03\u002F11064200277848867389.png","2026-03-18T17:17:32+00:00",{"id":367,"title":368,"slug":369,"brief":16,"ai_summary":370,"url":371,"image_url":16,"published_at":365},"51eff8fa-33b1-4562-a1c8-c1054bd7c4f4","‼️ Sector Drainer Advertised as Crypto Wallet Drainer-as-a-Service With 0-Day Phantom Bypass, Hid...","sector-drainer-advertised-as-crypto-wallet-drainer-as-a-service-with-0-day-phant","Sector Drainer is a cryptocurrency wallet drainer-as-a-service tool being actively advertised on underground forums with capabilities including a zero-day Phantom wallet bypass, hidden drain functionality, and automated withdrawal features. The service represents a significant threat to crypto users by targeting one of the most popular Web3 wallets with previously unknown exploitation techniques.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2034318297592668339",{"id":373,"title":374,"slug":375,"brief":16,"ai_summary":376,"url":377,"image_url":378,"published_at":379},"9ef29c12-42c3-4eba-a049-2ee0ba9250a6","LABScon25 Replay | Your Apps May Be Gone, But the Hackers Made $9 Billion and They’re Still Here","labscon25-replay-your-apps-may-be-gone-but-the-hackers-made-9-billion-and-they-r","Andrew MacPherson presents analysis of a $9 billion crypto crime ecosystem, detailing sophisticated DeFi attack vectors including the $1.5 billion Bybit heist involving developer machine compromise and JavaScript code modification. The presentation covers attack patterns targeting applications, developers, and executives, as well as emerging threats like drainers-as-a-service and fund laundering techniques using cross-chain swaps and mixers.","https:\u002F\u002Fs1.ai\u002FLC25-AM","https:\u002F\u002Fwww.sentinelone.com\u002Fwp-content\u002Fuploads\u002F2026\u002F03\u002FLABScon25-Andrew_MacPherson_soc.jpg","2026-03-17T15:48:22+00:00",{"id":381,"title":382,"slug":383,"brief":16,"ai_summary":384,"url":385,"image_url":16,"published_at":386},"a505b1c9-27b1-4325-a437-a3b79cabf35d","Attackers don’t just target wallets. They exploit every weak point in the architecture:\n• Front-e...","attackers-don-t-just-target-wallets-they-exploit-every-weak-point-in-the-archite","Modern cryptocurrency heists exploit multiple attack vectors beyond direct wallet targeting, including front-end applications, code repositories, developer machines, and software supply chains. The $1.5B Bybit theft exemplifies how attackers initiate campaigns through malware infections on developer infrastructure, highlighting the need for defense-in-depth strategies across the entire development ecosystem.","https:\u002F\u002Fx.com\u002FSentinelOne\u002Fstatus\u002F2033933465645945338","2026-03-17T15:48:21+00:00",{"id":388,"title":389,"slug":390,"brief":16,"ai_summary":391,"url":392,"image_url":393,"published_at":394},"74455737-c9c0-4717-9d3e-6c70c31d36df","Azury Infostealer Source Code Sold for $100 With Full Operator Panel, Crypto Wallet Theft, and Keylogging Capabilities","azury-infostealer-source-code-sold-for-100-with-full-operator-panel-crypto-walle-2","Azury Infostealer source code has been sold for $100, enabling widespread deployment of a malware variant with operator panel access, cryptocurrency wallet theft, and keylogging capabilities. The availability of the source code at such a low price significantly lowers the barrier to entry for threat actors to deploy and customize the infostealer. This represents a substantial threat to users holding cryptocurrency and sensitive credential data.","https:\u002F\u002Fdarkwebinformer.com\u002Fazury-infostealer-source-code-sold-for-100-with-full-operator-panel-crypto-wallet-theft-and-keylogging-capabilities\u002F","https:\u002F\u002Fdarkwebinformer.com\u002Fcontent\u002Fimages\u002F2026\u002F03\u002F55138285172695145763.png","2026-03-12T19:16:11+00:00",{"id":396,"title":397,"slug":398,"brief":16,"ai_summary":399,"url":400,"image_url":401,"published_at":402},"00f6cede-7bc3-483b-b73b-30071f889130","Quantum-Resistant Data Diode Secures Sensitive Data on Edge Devices, Critical Systems","quantum-resistant-data-diode-secures-sensitive-data-on-edge-devices-critical-sys","Forward Edge-AI has released Isidore Quantum, a quantum-resistant hardware security device designed to protect operational technology endpoints from future quantum computing threats. The compact, low-power data diode provides cryptographic protection for sensitive systems on edge devices against post-quantum attacks.","https:\u002F\u002Fwww.darkreading.com\u002Fics-ot-security\u002Fquantum-resistant-data-diode-secures-sensitive-data-on-edge-devices-critical-systems","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fblt2152db397dbc068e\u002F67f674413959ee0d3cb2a4eb\u002FQuantum_(1800)_jvphoto_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-03-02T12:55:27+00:00",[],[405],{"id":406,"title":407,"slug":408,"description":409,"url":410,"start_date":411,"end_date":16,"location":412,"is_virtual":413,"category":414,"tags":415},"6fa210c6-22c9-499c-9044-a3bf4b032f56","IEEE Symposium on Security and Privacy (SP) 2026","ieee-symposium-on-security-and-privacy-sp-2026","The IEEE Symposium on Security and Privacy (SP) 2026 is a cornerstone event for the cybersecurity research community. Building on a legacy of decades, this premier conference features peer-reviewed research papers on critical security and privacy topics. Attendees include academic researchers, industry practitioners, and security professionals who engage with cutting-edge research and emerging security challenges.","https:\u002F\u002Fwww.ieee-security.org\u002F","2026-05-18","San Francisco, United States",false,"conference",[5,416,417],"privacy","vulnerability-management",[],[],47]