Cryptography
CyberVolk’s ransomware debut stumbles on cryptography weakness
The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free. According to SentinelOne researchers who examined the new ransomware family, the encryptor uses a hardcoded master key in the binary, which is also written in plaintext in a hidden file on […]
Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
Hackers are exploiting a new, undocumented vulnerability in the implementation of the cryptographic algorithm present in Gladinet’s CentreStack and Triofox products for secure remote file access and sharing. By leveraging the security issue, the attackers can obtain hardcoded cryptographic keys and achieve remote code execution, researchers warn. Although the new cryptographic vulnerability does not have an […]
Popular Forge library gets fix for signature verification bypass flaw
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as CVE-2025-12816 and received a high severity rating. It arises from the library’s ASN.1 validation mechanism, which allows malformed data to pass checks even when it is cryptographically invalid. […]
Samsung announces major security enhancements coming to One UI 8
Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. Key highlights include the introduction of a system-level architecture named Knox Enhanced Encrypted Protection (KEEP), upgrades to Knox Matrix, and the addition of quantum resistance to WiFi connectivity. Keeping […]
PKfail Secure Boot bypass remains a significant risk two months later
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. Known as ‘PKfail,’ and now tracked as CVE-2024-8105, the supply chain attack is caused by test Secure Boot master key (Platform Key “PK”), which computer […]
Chrome switching to NIST-approved ML-KEM quantum encryption
Google is updating the post-quantum cryptography used in the Chrome browser to protect against TLS attacks using quantum computers and to mitigate store-now-decrypt-later attacks. The upcoming change will swap Kyber used in hybrid key exchanges to a newer, and slightly modified version, renamed as Module Lattice Key Encapsulation Mechanism (ML-KEM). This change comes roughly five months […]
NIST releases first encryption tools to resist quantum computing
The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. The agency encourages system administrators to start the transition to the new algorithms as soon as possible, since timely adoption is paramount for protecting sensitive information from attackers with a […]