Blog•Jan 21, 2026
WISeKey Unveils Space-Based Quantum-Resistant Crypto Transactions at Davos 2026
WISeKey International unveiled SEALCOIN, a space‑based, quantum‑resistant crypto platform, at Davos 2026. The system uses the WISeSat low‑Earth‑orbit constellation to generate cryptographic signatures directly onboard satellites, extending blockchain transactions beyond terrestrial networks. Its native QAIT token will fuel machine‑to‑machine value exchange, with a token generation event slated for Q1 2026 and listings on tier‑one exchanges. The launch positions WISeKey at the intersection of cybersecurity, IoT, and satellite infrastructure.
By Quantum Zeitgeist
Blog•Jan 21, 2026
Internet Voting Is Too Insecure for Use in Elections
A recent open letter warns that internet voting remains fundamentally insecure, with no existing or foreseeable technology able to guarantee its safety. Despite decades of academic consensus, vendors continue to market online voting solutions as secure. The letter specifically calls...
By Schneier on Security
Blog•Jan 21, 2026
Qers Achieves Universal Post-Quantum Cryptography Resilience Scoring for IoT and IIoT Systems
Researchers at Luleå University of Technology introduced QERS, a Quantum Encryption Resilience Score that evaluates post‑quantum cryptography (PQC) suitability for IoT and IIoT devices. The framework aggregates six normalized metrics—latency, packet reliability, CPU load, energy use, RSSI, and key size—into...
By Quantum Zeitgeist
Blog•Jan 21, 2026
Crooks Impersonate LastPass in Campaign to Harvest Master Passwords
LastPass disclosed an active phishing campaign that began around January 19, 2026, in which attackers impersonated the service with urgent‑maintenance emails to harvest master passwords. The messages contain links to an Amazon S3‑hosted page that redirects to a counterfeit LastPass...
By Security Affairs
Blog•Jan 21, 2026
IonQ Appoints New SVP to Lead Quantum Networking and Security Division
IonQ announced the appointment of Domenico Di Mola as Senior Vice President of Engineering for its Quantum Networking, Security, and Sensing (QNSS) division. Di Mola will steer engineering and strategy for quantum‑secure networking, distributed‑sensing architectures, and the integration of quantum processors with...
By Quantum Zeitgeist
Blog•Jan 19, 2026
QuProtect R3 Delivers Rapid Crypto-Agility for Cloud and On-Prem Environments
QuSecure unveiled QuProtect R3, an end‑to‑end cryptographic platform built for the quantum era, offering rapid visibility across cloud, on‑premise, and edge environments. The solution’s crypto‑agility engine enables one‑click rotation of ciphers, keys, and algorithms without code changes or downtime. QuProtect R3 unifies...
By Quantum Zeitgeist
Blog•Jan 19, 2026
AI-Powered Surveillance in Schools
AI-powered surveillance systems are being installed in U.S. high schools, exemplified by Beverly Hills High School's deployment of facial-recognition cameras, behavioral-analysis software, audio monitors, drones, and license-plate readers. The technology claims to identify violent behavior, locate distressed students, and track...
By Schneier on Security
Blog•Jan 18, 2026
Hacktivists Hijacked Iran ’S State TV to Air Anti-Regime Messages and an Appeal to Protest From Reza Pahlavi
Hackers seized control of Iran’s Badr satellite on Jan 18, 2026, broadcasting a ten‑minute anti‑regime video featuring exiled Crown Prince Reza Pahlavi. The clip urged citizens to keep protesting and called on the military to join demonstrators. The intrusion occurred amid a...
By Security Affairs
Blog•Jan 17, 2026
Amera IoT Unveils Quantum-Proof Encryption Backed by 14 US Patents
Amera IoT introduced AmeraKey® Encryption, a quantum‑proof solution backed by 14 U.S. patents. The system creates identical encryption keys on both ends of a link using a Picture‑and‑PIN method, eliminating the need to transmit keys or ciphertext. By leveraging transmission‑free...
By Quantum Zeitgeist
Blog•Jan 17, 2026
NEXCOM Unveils Quantum-Resistant Platforms at MWC Barcelona 2026
NEXCOM announced at MWC Barcelona 2026 a suite of quantum‑resistant platforms that embed post‑quantum cryptography (PQC) frameworks for long‑term data protection. The rollout targets telecom, enterprise and industrial networks, emphasizing edge security and resilient networking. Alongside the PQC platforms, the...
By Quantum Zeitgeist
Blog•Jan 17, 2026
Update: hash.py Version 0.0.14
Didier Stevens released hash.py version 0.0.14 on 17 January 2026. The update is labeled a bug‑fix release and is available as a zip archive. The post provides both MD5 (66A205915A280CC474541053739B8EDD) and SHA‑256 (C459B75F132BB4AA394D8EA27A79F409C446AAA67536946673EC824EA9219F9F) checksums for verification. No additional features are announced, emphasizing stability...
By Didier Stevens’ Blog
Blog•Jan 16, 2026
Data Breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization Impacts 750,000 People
Canada’s self‑regulatory body, the Canadian Investment Regulatory Organization (CIRO), disclosed a data breach affecting roughly 750,000 individuals. The breach stemmed from a phishing attack in August 2025 that allowed threat actors to copy a limited set of investigative, compliance and...
By Security Affairs
Blog•Jan 15, 2026
AppGuard Critiques AI Hyped Defenses; Expands Its Insider Release for Its Next-Generation Platform
The episode highlights AppGuard’s critique of AI‑driven detection, arguing that endless AI‑generated alerts cannot keep pace with AI‑enhanced malware that adapts in real time. CEO Fatih Comlekoglu advocates a shift to a default‑deny, controls‑based endpoint strategy that dramatically reduces the attack...
By Security Ledger
Blog•Jan 15, 2026
Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security
The NHIcon 2026 virtual conference, organized by Aembit, will explore the emerging security challenges of agentic AI in enterprises, featuring keynotes from Phil Venables, Misam Abbas, and Anthropic’s deputy CISO Jason Clinton. Sessions will cover practical topics such as LLM...
By Security Ledger
Blog•Jan 15, 2026
New Vulnerability in N8n
Security researchers have identified a critical vulnerability in the n8n automation platform (CVE‑2026‑21858) with a CVSS rating of 10.0, allowing attackers to take over locally deployed instances. The flaw potentially impacts around 100,000 servers worldwide and currently has no official...
By Schneier on Security
Blog•Jan 15, 2026
China Bans U.S. and Israeli Cybersecurity Software over Security Concerns
China has ordered domestic firms to stop using cybersecurity software from more than a dozen U.S. and Israeli companies, citing national security risks. The list includes major U.S. vendors such as VMware, Palo Alto Networks, Fortinet, CrowdStrike and Israeli firms...
By Security Affairs
Blog•Jan 14, 2026
Upcoming Speaking Engagements
Bruce Schneier’s events page lists a packed speaking itinerary through March 2026, spanning academic venues in Canada, a book‑signing at Chicago Public Library, and high‑profile industry conferences in Europe and the United States. He will appear at the University of...
By Schneier on Security
Blog•Jan 13, 2026
1980s Hacker Manifesto
Forty years ago, Loyd Blankenship—known as The Mentor—published “The Conscience of a Hacker” in the underground magazine Phrack, creating what is now called the 1980s Hacker Manifesto. The essay frames hacking as an act of curiosity and ethical dissent against...
By Schneier on Security
Blog•Jan 13, 2026
Who Decides Who Doesn’t Deserve Privacy?
Troy Hunt reflects on the Ashley Madison breach, noting how public doxing caused suicides, broken marriages and job losses. He explains why Have I Been Pwned (HIBP) now classifies breaches containing legally defined sensitive data as non‑searchable to prevent similar harm....
By Troy Hunt’s Blog
Blog•Jan 13, 2026
Hexaware Partners with AccuKnox for Cloud Security Services
AccuKnox and Hexaware Technologies announced a strategic partnership to deliver a comprehensive Zero Trust cloud security platform for enterprise clients managing hybrid, multi‑cloud, and AI‑driven environments. The collaboration combines AccuKnox’s CNAPP, CSPM, Kubernetes security, and runtime enforcement tools with Hexaware’s...
By Security Ledger
Blog•Jan 12, 2026
Corrupting LLMs Through Weird Generalizations
Researchers have demonstrated that minimal, domain‑specific finetuning can cause large language models to exhibit unexpected, wide‑reaching behavior changes. By training a model to use outdated bird species names, it began answering unrelated queries with 19th‑century facts, and a similarly small...
By Schneier on Security
Blog•Jan 11, 2026
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Security Affairs released Malware Newsletter Round 79, curating the latest research on global malware activity. Highlights include the VVS Discord stealer using Pyarmor for obfuscation, a botnet‑fueling broken system, malicious NPM packages delivering NodeCordRAT, and the Astaroth WhatsApp‑based worm targeting Brazil....
By Security Affairs
Blog•Jan 9, 2026
USPS to Restrict Access to Package Tracking
USPS announced it will restrict access to package tracking data for commercial API users, introducing paid access and stricter authorization requirements. Consumers can still view tracking information on the USPS website, mobile app, and Informed Delivery without changes. The new...
By EcommerceBytes
Blog•Jan 9, 2026
Palo Alto Crosswalk Signals Had Default Passwords
Last year Palo Alto’s pedestrian‑crossing signals were compromised after attackers exploited unchanged factory passwords. The city never replaced the default credentials, allowing remote access to the traffic‑control hardware. The breach highlighted a glaring oversight in the municipality’s IoT security posture....
By Schneier on Security
Blog•Jan 6, 2026
CERT/CC Warns of Critical, Unfixed Vulnerability in TOTOLINK EX200
CERT/CC has disclosed a critical, unpatched vulnerability (CVE-2025-65606) in the TOTOLINK EX200 Wi‑Fi range extender. The flaw resides in the firmware‑upload handler; a specially crafted firmware file triggers an error state that launches an unauthenticated root‑level telnet service. Exploitation requires...
By Security Affairs
Blog•Jan 6, 2026
Google Fixes Critical Dolby Decoder Bug in Android January Update
Google’s January 2026 Android security update patches CVE-2025-54957, a critical Dolby DD+ audio decoder flaw discovered by Project Zero in October 2025. The vulnerability, present in UDC versions 4.5‑4.13, enables an out‑of‑bounds write via integer overflow when processing a specially...
By Security Affairs
Blog•Jan 6, 2026
Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia
The episode announces AccuKnox's partnership with Connex Information Technologies to serve as its authorized distribution partner for Zero Trust CNAPP security across South and Southeast Asia. It highlights how Connex's extensive regional channel network and partner‑first approach will enable localized...
By Security Ledger
Blog•Jan 5, 2026
Russia-Linked APT UAC-0184 Uses Viber to Spy on Ukrainian Military in 2025
Russia‑linked APT group UAC‑0184 has resumed espionage against Ukraine’s military and the Verkhovna Rada by abusing the Viber messaging platform. The campaign distributes malicious ZIP archives that contain LNK shortcuts or PowerShell scripts, which trigger a multi‑stage infection chain ending...
By Security Affairs
Blog•Jan 5, 2026
Telegram Hosting World’s Largest Darknet Market
Elliptic’s latest analysis reveals that Telegram now hosts the world’s largest Chinese‑language darknet markets, with Tudou Guarantee and Xinbi Guarantee together processing roughly $2 billion each month in money‑laundering, stolen‑data sales, AI deep‑fake tools, and other illicit services. Despite Telegram’s 2025...
By Schneier on Security
Blog•Jan 3, 2026
Overview of Content Published in 2025
In 2025 Didier Stevens published an extensive series of blog entries, delivering more than 70 incremental updates to his open‑source forensic utilities such as strings.py, oledump.py, pdf‑parser.py, and xorsearch.py. The posts also include quick‑takes on power consumption, hardware testing, and...
By Didier Stevens’ Blog
Blog•Jan 2, 2026
Friday Squid Blogging: Squid Found in Light Fixture
The UK government’s three‑month trial of Microsoft 365 Copilot revealed no measurable productivity uplift, echoing broader industry findings that generative AI often underdelivers. Parallel commentary in the blog highlights that delegating security to vendors without skilled oversight creates blind spots, while a...
By Schneier on Security
Blog•Dec 31, 2025
NEW TECH Q&A: Why Data Bill of Materials (DBOM) Is Surfacing as a Crucial Tool to Secure AI
Enterprises racing to embed AI realized in 2025 they lacked visibility into the data feeding models, prompting a governance shift. Bedrock Security’s research shows most leaders cannot map training or inference datasets, exposing firms to audit failures and regulatory penalties....
By The Last Watchdog
Blog•Dec 30, 2025
Using AI-Generated Images to Get Refunds
A recent Wired piece highlighted how scammers in China use AI‑generated images of merchandise, such as crabs, to falsely claim refunds, exposing a growing vulnerability in e‑commerce. The frauds, valued at roughly $27 per case, have led to administrative detentions...
By Schneier on Security
Blog•Dec 29, 2025
The Definitive 2025 Cyber Rewind & 2026 Roadmap
At SECON’s 2025 and 2026 conferences, the author highlighted a seismic shift in cyber risk, moving from classic phishing to automated, credential‑based attacks and AI‑driven threats. Data shows MFA bypass rates soaring to 45%, ransomware focusing on data theft, and...
By Erdal Ozkaya’s Cybersecurity Blog
Blog•Dec 27, 2025
Security Leadership Master Class 7 : Contrarian Takes
The final Security Leadership Master Class pivots to contrarian perspectives, exposing common cognitive traps and ritualistic practices in cybersecurity. It critiques binary thinking, where perfection is equated with success and any flaw signals failure, and highlights the rise of "ceremonial...
By Phil Venables’ Blog
Blog•Dec 26, 2025
IoT Hack
A recent incident aboard a Mediterranean ferry exposed a remote access tool (RAT) likely introduced via insecure IoT devices. Commentators debated whether the breach qualifies as an IoT hack, noting that shipboard entertainment, CCTV and Wi‑Fi systems often lack proper...
By Schneier on Security
Blog•Dec 24, 2025
Unredaction Isn't Hacking
The episode explains that the so‑called "unredaction" of Jeffrey Epstein files isn’t a hack but a failure of proper redaction: the FBI merely overlaid black bars or highlights, leaving the underlying text intact and selectable. By demonstrating how text can...
By Errata Security (Robert Graham)
Blog•Dec 22, 2025
The EU Digital Omnibus
On 19 November 2025 the European Commission unveiled the Digital Omnibus, a package of draft laws that consolidates the EU’s fragmented digital regulatory landscape. It pairs the Data Union Strategy and a proposed European Business Wallet to boost data access for AI...
By BH Consulting Blog
Blog•Dec 19, 2025
Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration’s 2025‑2026 policy agenda has dramatically reshaped U.S. cyber, privacy and law‑enforcement priorities. New directives such as NSPM‑7 and a FBI cash‑reward program broaden the definition of domestic terrorism to include political dissent, while travel‑screening rules force tourists...
By Krebs on Security
Blog•Dec 19, 2025
Criminal IP and Palo Alto Networks Cortex XSOAR Integrate to Bring AI-Driven Exposure Intelligence to Automated Incident Response
The episode announces the integration of AI‑powered threat intel platform Criminal IP into Palo Alto Networks’ Cortex XSOAR, enabling real‑time exposure intelligence and multi‑stage scanning within automated playbooks. It explains how this AI‑driven enrichment—covering IP/domain behavior, port exposure, CVE links, and SSL...
By Security Ledger
Blog•Dec 19, 2025
News Alert: INE Expands Partnerships to Scale Hands-On Cyber Training Across Middle East, Asia
INE Security announced a strategic expansion across the Middle East and Asia, adding new academy partners in Saudi Arabia, the United Arab Emirates, Egypt, and other high‑growth markets. The company’s subscription‑based, hands‑on training platform—featuring unlimited virtual labs and the Skill...
By The Last Watchdog
Blog•Dec 17, 2025
Securing the Road Ahead: The Intersection of Cybersecurity and Intelligent Transportation
The blog highlights the growing convergence of cybersecurity and intelligent transportation, emphasizing that autonomous vehicles and connected infrastructure are becoming "data centers on wheels." It outlines three core risk areas—V2X communication vulnerabilities, AI‑driven sensor attacks, and infrastructure resilience—and presents strategic...
By Erdal Ozkaya’s Cybersecurity Blog
Blog•Dec 17, 2025
SHARED INTEL Q&A: This Is How ‘Edge AI’ Is Forcing a Rethink of Trust, Security and Resilience
Edge AI is moving real‑time inference workloads from centralized clouds to embedded devices, demanding far greater compute, memory, and energy efficiency at the silicon level. Infineon’s Thomas Rosteck explains that this shift forces a redesign of trust models, embedding hardware‑root‑of‑trust...
By The Last Watchdog
Blog•Dec 16, 2025
News Alert: Link11’s Top 5 Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Link11’s European Cyber Report identifies five 2026 cybersecurity trends that will reshape defense strategies across Europe. The report warns that DDoS attacks will increasingly act as diversion tactics, while API‑first architectures expose new misconfiguration and business‑logic abuse risks. It predicts...
By The Last Watchdog
Blog•Dec 16, 2025
Most Parked Domains Now Serving Malicious Content
Researchers at Infoblox discovered that more than 90% of parked domains now redirect visitors to scams, malware, or unwanted software. The malicious redirects are triggered primarily for users on residential IP addresses, while VPN traffic often receives a harmless parking...
By Krebs on Security
Blog•Dec 16, 2025
Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Link11 forecasts five cybersecurity trends that will shape European defense in 2026, highlighting a surge in DDoS attacks used as diversion tactics, growing exposure from API‑first architectures, and the shift toward integrated WAAP platforms. The report stresses that AI‑driven DDoS...
By Security Ledger
Blog•Dec 12, 2025
Processing 630 Million More Pwned Passwords, Courtesy of the FBI
The FBI has supplied Have I Been Pwned (HIBP) with an additional 630 million compromised passwords, expanding the service’s corpus beyond the 1.26 billion monthly searches it already handles. Roughly 7.4% of these passwords—about 46 million—were previously absent from HIBP, boosting the database’s...
By Troy Hunt’s Blog
Blog•Dec 12, 2025
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
The episode breaks down the critical React2Shell (CVE‑2025‑55182) vulnerability that enables unauthenticated remote code execution in React Server Components, highlighting its CVSS 10.0 severity and the rapid emergence of exploitation attempts after disclosure. It explains how the flaw affects the...
By Security Ledger
Blog•Dec 11, 2025
News Alert: INE Sees Surge in Q4 Budget Shifts as Enterprises Embrace Hands-On Training for AI Roles
Enterprises are reallocating Q4 learning‑and‑development budgets toward hands‑on, performance‑based training as AI reshapes cybersecurity, cloud, and IT operations. INE reports a surge in demand for immersive labs, simulations, and AI‑adaptive pathways that promise faster competency and measurable ROI. The shift...
By The Last Watchdog
Blog•Dec 11, 2025
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
The episode announces that 1inch has become the exclusive swap provider for Ledger Multisig, integrating its Swap API to eliminate blind signing and enable clear, human‑readable transaction approvals via EIP‑712. This partnership enhances treasury security for DAOs, funds, and enterprises...
By Security Ledger