Cryptography
-
CISA publishes post-quantum procurement guidance but experts warn it lacks operational detail
CISA published guidance on Jan. 23 listing federal products for post-quantum cryptography. Experts warned the document lacks operational detail on inventories, timelines and authentication support, complicating procurement and migration efforts.
-
NIST enters 2026 with staff cuts, tighter budget and cryptography validation backlog
NIST begins 2026 with over 700 positions shed, a smaller labs budget and a cryptographic module validation backlog that averaged 348 days per recent projects, even as the agency tests post-quantum modules and seeks automation.
-
Hard-coded cryptographic keys in Gladinet CentreStack and Triofox exploited to access web.config, Huntress says
Huntress warned that hard-coded cryptographic keys in Gladinet CentreStack and Triofox allow attackers to decrypt or forge access tickets and retrieve web.config files, enabling ViewState deserialization attempts; nine organisations have been affected and vendors have released updates.
-
Signal adds post‑quantum SPQR ratchet to its protocol
Signal announced the Sparse Post Quantum Ratchet (SPQR), to be combined with its Double Ratchet into a Triple Ratchet that Signal says will add post‑quantum protections while preserving forward secrecy and post‑compromise security, and will be rolled out gradually with formal verification and academic review.
-
WhatsApp’s Group Messaging Threatened by Lack of Cryptographic Management
Concerns have emerged about WhatsApp’s group messaging feature, which lacks necessary cryptographic measures for adding new members, potentially jeopardizing user privacy and security.
-
Study Reveals Alarming Data Risks in Popular Mobile Applications
A new zLabs study reveals critical vulnerabilities in popular mobile applications, highlighting significant risks to sensitive data amidst widespread use and inadequate security practices. Experts urge organizations to prioritize stronger application security.
