Critical Fortinet FortiClientEMS Flaw Allows Remote Code Execution
Fortinet disclosed a critical vulnerability (CVE‑2026‑21643) in its FortiClientEMS product, earning a CVSS 9.1 rating. The flaw is an unauthenticated SQL‑injection that allows remote code execution via crafted HTTP requests. Only FortiClientEMS 7.4.4 is affected, and Fortinet recommends upgrading to version 7.4.5 or later. No public evidence of active exploitation has been reported, but the advisory urges immediate remediation.

Reliance Global Group to Acquire Majority Stake in Post-Quantum Cybersecurity Firm Enquantum for $2.125M
Reliance Global Group announced a definitive agreement to acquire a 51% controlling interest in post‑quantum cryptography firm Enquantum Ltd. for $2.125 million, payable over ten months in milestone‑linked tranches. The acquisition will be executed through Reliance’s EZRA International Group subsidiary, with...

Leclercq American Capital Backs SandboxAQ’s Quantum-AI Platform for Cybersecurity & Advanced Simulation
Leclercq American Capital announced an equity investment in SandboxAQ, a quantum‑AI platform that blends artificial intelligence with emerging quantum technologies. SandboxAQ’s B2B suite focuses on post‑quantum cybersecurity, advanced simulation, and next‑generation sensing, aiming to protect critical infrastructure and accelerate research...

Windows VPS: How It Works, What To Choose, And How To Run It Safely
The episode explains what a Windows VPS is, why you’d choose it over Linux or shared hosting, and how to run it securely. It stresses that buying a Windows VPS also means buying responsibility for updates, access control, and backups,...

Unhackable Random Number Generator Sidesteps Device Flaws for Ultimate Security
Researchers from Shanxi University and the Chinese Academy of Sciences have unveiled a semi‑device‑independent quantum random number generator (QRNG) that tolerates device imperfections while resisting general attacks. By imposing only an energy bound on emitted quantum states and applying the...

Rethinking Identity Management: From Who Has Access to What Really Matters
Traditional Identity Governance and Administration (IGA) has focused on compliance, but 99% of granted permissions remain unused, creating “Zombie Access”. This compliance‑only approach leads to rubber‑stamping, with 58% of access reviews ineffective, exposing organizations to insider threats. Integrating data governance...

Attackers Abuse SolarWinds Web Help Desk to Install Zoho Agents and Velociraptor
On February 7, 2026, Huntress confirmed active exploitation of multiple critical vulnerabilities in SolarWinds Web Help Desk (WHD), including CVE‑2025‑40551 and CVE‑2025‑26399, which permit arbitrary code execution via untrusted deserialization. Attackers leveraged the flaw to install a Zoho ManageEngine remote‑management...

The Former Head of NSA on the Future of U.S. Cybersecurity
Retired Gen. Paul Nakasone, former NSA director and U.S. Cyber Command commander, discussed his doctrine of persistent engagement, its role in safeguarding recent U.S. elections, and the evolving cyber threat landscape. He highlighted the need for broader public‑private partnerships, a...

Can You Fly That Thing?
The post argues that AI "skills" (executable English‑written programs) transform conversational agents into operators capable of performing specific tasks. It highlights the rapid growth of public skill repositories, with tens of thousands of community‑built skills amassing thousands of GitHub stars. For consumers,...

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
Security Affairs released its Malware Newsletter Round 83, curating the latest research and incident reports across the global malware landscape. The edition spotlights 341 malicious capabilities uncovered in the ClawHavoc bot, APT28’s exploitation of CVE‑2026‑21509, and Amaranth‑Dragon’s weaponization of CVE‑2025‑8088 for...

The Rise of Quantum-Resistant Cryptography: Why 2026 Demands a New Security Paradigm
The episode explains how quantum-resistant cryptography is becoming essential in 2026 as quantum computers threaten traditional encryption like RSA and ECC. It outlines the rapid shift from research to standards, highlighting NIST’s upcoming post‑quantum standards and the surge in industry...

Security Implications of DORA AI Capabilities Model
The DORA AI Capabilities Model highlights how AI can reshape software delivery while exposing critical security concerns. It recommends a layered, least‑privilege access model, centralized proxy routing, and strict version‑control practices to safeguard sensitive data. Human‑in‑the‑loop reviews, audit‑ready platforms, and...

Quantum Cryptography’s Secret Key Rates Boosted by New Entropy Link
Researchers have linked two‑way quantum key distribution, specifically advantage distillation, to asymptotic hypothesis testing using an integral representation of relative entropy. This theoretical bridge yields tighter upper and lower bounds on secret‑key rates, outperforming traditional fidelity‑based limits at short and...

Quantum Encryption Secured Against Hacking with New Digital Signal Processing Technique
Researchers have introduced a secure continuous‑variable quantum key distribution (CV‑QKD) framework that links dynamic digital signal processing (DSP) algorithms to a physically realizable optical model. Conventional dynamic DSP underestimates excess noise, inflating key‑rate estimates and risking security. The new model...

More than an IT Review: How a Network Assessment Is Essential in Healthcare Settings
Pixel Health outlines essential network assessment steps for healthcare providers, emphasizing equipment mapping, security evaluation, documentation, and service‑provider review. Periodic assessments reduce risk, optimize scalability, and prevent costly deferred maintenance. They also improve incident response by testing backup resilience. As...

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
A 2026 Mysterium VPN study uncovered nearly 5 million public web servers exposing Git repository metadata, with over 250,000 .git/config files leaking active deployment credentials. The misconfigurations allow attackers to reconstruct source code, steal secrets, and potentially gain cloud access. Affected...

Where Is Governance (Guidance) Going?
The article reflects on a recent conversation with product marketer Anna Daugherty about the future of API governance, emphasizing a shift toward consumer‑first perspectives. It introduces "Spotlight rules" as the next evolution of Spectral and Vacuum linting, extending governance beyond...

New Encryption Method Withstands Attacks From Both Computers and Artificial Intelligence
Researchers introduced Eidolon, a post‑quantum digital signature scheme built on the NP‑complete k‑colourability problem. By extending zero‑knowledge protocols and using Merkle‑tree commitments, the scheme compresses signatures from O(t n) to O(t log n). Empirical tests against integer‑linear‑programming, DSatur, and a custom graph neural...

Quantum Industry Canada Backs 2026 Year of Quantum Security Initiative
Quantum Industry Canada (QIC) has officially joined the global 2026 Year of Quantum Security (YQS2026) initiative, aligning Canada with an international effort to protect digital infrastructure against emerging quantum threats. The program will bring together government, industry, finance and academia...

Quantum Signatures Bypass Tricky Quantum Memory with Classical Computing Power
Researchers unveiled a quantum‑digital‑signature protocol that uses classical shadows of random quantum circuits as public keys, eliminating the need for fragile quantum memory. An enhanced state‑certification primitive improves noise tolerance and cuts sample complexity, enabling a proof‑of‑principle signature on a...

Shows Trojan-Resilient NTT Protects Post-Cryptography Against Control and Timing Faults
Researchers introduced a Trojan‑resilient Number Theoretic Transform (NTT) architecture that detects and mitigates control‑flow and timing faults on reconfigurable platforms. Implemented on an Artix‑7 FPGA, the design uses a clock‑cycle counter, control‑status register, and RENO‑based recomputation to correct anomalies. The...

SEALSQ Corp (NASDAQ: LAES) Details Quantum-Resistant Security Vision
SEALSQ Corp unveiled a "root‑to‑quantum" security platform that embeds a hardware Root of Trust into microcontrollers and TPM‑class devices, pairing it with post‑quantum cryptography and a proprietary quantum highway. The solution promises cryptographic agility, enabling seamless updates as quantum threats...

Microsoft: Info-Stealing Malware Expands From Windows to macOS
Microsoft has observed a rapid rise in information‑stealing malware targeting macOS, a shift from its traditional Windows focus. Since late 2025, threat actors have deployed macOS‑specific stealers such as DigitStealer, MacSync and Atomic macOS Stealer, often written in Python and...

Future Cars Shielded From Quantum Hacking with Adaptable Security System
Researchers at the University of Oslo have unveiled an adaptive post‑quantum cryptography framework designed for 6G vehicle‑to‑everything (V2X) networks. By predicting short‑term mobility, channel conditions, weather, and message urgency, the system dynamically selects lattice, code, or hash‑based PQC schemes. A...

QCL-IDS Achieves 0.941 Accuracy in Quantum Continual Intrusion Detection Systems
Researchers at Johns Hopkins introduced QCL‑IDS, a quantum‑centric continual‑learning framework for intrusion detection that balances adaptation to new attacks with retention of historic threat knowledge. The system leverages Quantum Fisher Anchors and privacy‑preserved quantum generative replay to achieve mean Attack‑F1...

FedGraph-VASP Achieves 0.855 AML Accuracy with Post-Quantum Privacy Preservation
Researchers introduced FedGraph‑VASP, a privacy‑preserving federated graph learning framework that enables virtual asset service providers to jointly detect money‑laundering without sharing raw transaction data. The system exchanges compressed graph embeddings secured with Kyber‑512 key encapsulation and AES‑256‑GCM, delivering quantum‑resistant protection....

Quantum Cryptography Moves Closer with Working BB84 and E91 Protocols
Researchers demonstrated quantum key distribution (QKD) on IBM's superconducting quantum platform by implementing the BB84 and E91 protocols with SX‑gate operations. Using a 133‑qubit device and 128‑shot runs, they achieved zero error for BB84 and a 0.094 error rate for...

AI Didn't Break Cybersecurity
The author argues that AI did not break cybersecurity; longstanding governance failures did. AI merely amplified existing shadow‑IT practices and unclear risk ownership, exposing gaps that boards and CISOs have ignored. The piece calls for a shift from treating security...

Please Don’t Feed the Scattered Lapsus ShinyHunters
The Scattered Lapsus ShinyHunters (SLSH) extortion gang blends data theft with aggressive personal harassment, including swatting, DDoS attacks, and media pressure. Operating through chaotic Telegram channels linked to The Com cyber‑crime network, they target executives via phone‑based phishing and MFA...

Overview of Content Published in January
Didier Stevens published a concise January roundup highlighting two Python tool updates—zipdump.py 0.0.33 and hash.py 0.0.14—and three SANS Internet Storm Center diary entries covering a basic geography quiz, the release of Wireshark 4.6.3, and YARA‑X 1.11.0’s new hash function warnings....

Advances Quantum-Memory-Free QSDC with Privacy Amplification of Coded Sequences
Researchers from Georgia Tech and collaborators introduced a quantum‑memory‑free Quantum Secure Direct Communication (QSDC) protocol that relies on universal hashing and privacy amplification of coded sequences. The information‑theoretic analysis proves security against collective attacks without requiring quantum storage or complex...

WISeKey Advances Post-Quantum Space Security with 2026 Satellite PoCs
WISeKey International announced proof‑of‑concept testing of post‑quantum cryptography on satellites in late 2025, with a fully operational quantum‑resistant satellite slated for launch in the second quarter of 2026. The initiative combines hybrid Triple Key Encapsulation Mechanisms that blend PQC algorithms with...

ML-KEM-Based IPsec Advances 5G O-RAN Security Via E2 Interface Evaluation
Researchers experimentally validated post‑quantum cryptography on the 5G O‑RAN E2 interface using ML‑KEM (CRYSTALS‑Kyber) within IPsec. Their open‑source testbed compared baseline, traditional ECDH, and ML‑KEM IPsec configurations, measuring tunnel‑setup latency and xApp behavior. Results show only a 3–5 ms overhead for...

SmarterTools Patches Critical SmarterMail Flaw Allowing Code Execution
SmarterTools released build 9511 to remediate two critical SmarterMail flaws, CVE-2026-24423 and CVE-2026-23760, each scoring 9.3 on the CVSS scale. The first vulnerability allowed unauthenticated attackers to execute arbitrary OS commands via the ConnectToHub API, while the second bypassed authentication...

$15.1B Pentagon Cyber Budget Driven by Quantum Threat
The U.S. Department of Defense announced a $15.1 billion cyber budget for fiscal 2026, a sharp increase aimed at countering AI‑driven attacks and the emerging quantum computing threat. The plan prioritizes quantum‑resilient encryption, AI‑native defenses, and rapid cryptographic agility across military...

Security Proofs Advance Quantum Key Distribution with Asymmetric Failure Detection
Researchers from the University of Waterloo and NUS uncovered a critical flaw in existing Quantum Key Distribution (QKD) security proofs: they assume perfectly reliable authentication. They introduced a reduction theorem that shows protocols proven secure under ideal authentication remain secure...

Quantum Key Exchange Achieves Security Via Unsolvable Mihailova Subgroup Problem
Researchers at Shenzhen University have unveiled a quantum‑safe key‑exchange protocol that modifies the Anshel‑Anshel‑Goldfeld (AAG) scheme by drawing private keys from Mihailova subgroups of braid groups. The security hinges on the unsolvable membership problem for these subgroups, making the protocol...

Blockchain Prototype Achieves Quantum-Secure Signatures with CRYSTALS-Dilithium, Falcon and Hawk
Researchers unveiled a functional blockchain prototype that can interchangeably employ three lattice‑based post‑quantum signature schemes—CRYSTALS‑Dilithium, Falcon and Hawk. The single‑node system decouples application logic from the cryptographic layer, allowing seamless algorithm swaps without altering core code. Comprehensive testing measured key...

Quantum Computing Advances Cryptographic Algorithms for Data Security, a Doctoral Guide
The new doctoral guide by Darlan Noetzold, Valderi Reis Quietinho Leithardt and co‑authors delivers a comprehensive overview of post‑quantum cryptography, mapping lattice, code, hash‑based, multivariate and isogeny schemes while dissecting the NIST standardisation process. It details the practical hurdles of...

EXCLUSIVE: TheDAO to Become New $220 Million Ethereum Security Fund
Unclaimed assets from the 2016 DAO hack are being pooled into a $220 million Ethereum security endowment called TheDAO Security Fund. About $13.5 million in DAO tokens and 69,420 ETH, which will be staked, form the core capital, generating roughly $8 million in annual...

Google Targets IPIDEA in Crackdown on Global Residential Proxy Networks
Google and partners disrupted the IPIDEA residential proxy network, one of the world’s largest, by taking down domains, sharing intelligence, and enforcing Play Protect. The operation removed SDKs embedded in millions of Android, Windows, iOS, and WebOS apps, sharply reducing...

Why a Gradual Move Away From US Tech Is a Good Idea
Brian Honan’s article in the Irish Examiner warns Irish small businesses and families that dependence on US‑based technology platforms can jeopardise digital sovereignty. He cites scenarios where tariffs, sanctions or policy shifts could abruptly block access to email, documents or...

Forget Predictions: True 2026 Cybersecurity Priorities From Leaders
BH Consulting’s CEO Brian Honan was featured in Security Week, outlining the firm’s view of the top cybersecurity priorities for 2026. The piece highlights BH Consulting’s 20‑year track record, ISO‑27001 certification, and its portfolio of services including CISO/DPO as‑a‑service, audits...

Bridging Compliance and Cybersecurity in Financial Reporting in 2026
The SEC is drafting rules that will require public companies to disclose their cybersecurity controls as part of regular financial reporting. This links cyber risk directly to compliance, forcing firms to treat security as a core reporting element. The article...

Universal Privacy Framework Achieves Untrusted Data Security in Distributed Quantum Sensing
Researchers from Korea Institute of Science and Technology and Yonsei University introduced a universal operational privacy framework for distributed quantum sensing. The framework defines privacy through the experimentally accessible classical Fisher information matrix, making it protocol‑independent and applicable to singular...

SEALSQ to Showcase Post-Quantum Cybersecurity Solutions at Tech&Fest 2026 in Grenoble
SEALSQ Corp (NASDAQ: LAES) will display its post‑quantum cybersecurity portfolio at Tech&Fest 2026 in Grenoble on February 4‑5, highlighting hardware‑based roots of trust. The French subsidiary, SEALSQ France, builds on three decades of secure‑semiconductor expertise inherited from Gemplus and employs nearly 200 staff...

Satellite Quantum-Internet to Reach $1.82B in 2026 with 32.9% CAGR
A new ResearchAndMarkets.com report projects the satellite quantum‑internet market to reach $1.82 billion in 2026, up from $1.37 billion in 2025, representing a 32.9% compound annual growth rate. The market is expected to expand to $5.63 billion by 2030 with a sustained 32.6%...

Data Protection Day 2026: Addressing Common Challenges
The Data Protection Day 2026 blog highlights six persistent GDPR challenges—stale ROPAs, weak retention schedules, overlooked paper records, unprepared DSAR processes, outdated accountability documentation, and insufficient vendor risk controls. It explains how each issue creates hidden exposure and offers concrete...

Texas Declares War on Chinese Tech — And It’s Getting Weird
Governor Greg Abbott announced an expanded ban on Chinese‑linked technology for Texas state employees, prohibiting hardware, software, and AI tools from firms such as Alibaba, Shein, Temu, TP‑Link and CATL. The measure, framed as a privacy safeguard against foreign surveillance,...

SuperQ Quantum Appoints Cybersecurity Veteran to Lead Post-Quantum Commercialization in 2026
SuperQ Quantum Computing Inc. announced the appointment of Brian Beveridge, a 30‑year cybersecurity veteran, as Director of Post‑Quantum Cybersecurity and Partnerships, effective Jan 22 2026. Beveridge will lead the commercialization of the company’s SuperPQC™ suite, which protects against “Harvest Now, Decrypt Later”...