< ciso brief />

All news with #post quantum cryptography tag

101 articles

Automating PQC Readiness for AWS TLS Endpoints with Config

🔒 The PQC Readiness Scanner automates inventory and continuous monitoring of AWS-terminated TLS endpoints — Application Load Balancer (ALB), Network Load Balancer (NLB), and Amazon API Gateway — to evaluate TLS policies for Post-Quantum Cryptography (PQC) readiness. It classifies endpoints into a three-tier framework (Tier 1: PQ-ready, Tier 2: PQ-ready with backward compatibility, Tier 3: not PQ-ready) and returns COMPLIANT/NON_COMPLIANT results with policy recommendations. Built as an AWS Config conformance pack with custom rules and Lambda functions, it supports organization-wide deployment via CloudFormation StackSets and S3-hosted artifacts. The scanner reduces manual review, tracks migration progress across accounts, and helps prioritize upgrades to TLS 1.3 with PQC key exchange.

April 2026 AWS Security Digest: Features and Alerts

🔒 The April 2026 AWS Security monthly digest highlights new features, hands-on samples, and security bulletins across identity, AI security, data protection, and detection. Notable posts include IAM Identity Center session tags for ABAC, guidance for securing agentic AI via the Model Context Protocol, and practical steps to adopt hybrid post‑quantum TLS for Secrets Manager. The edition also summarizes April CVEs and ships 16 runnable code samples and workshops to validate recommended controls.

Cloudflare Enables Post-Quantum IPsec with ML-KEM Standard

🔒 Cloudflare has made post-quantum encryption generally available for Cloudflare IPsec using hybrid ML‑KEM (FIPS 203), implementing draft-ietf-ipsecme-ikev2-mlkem. The rollout enables site-to-site WAN tunnels protected against harvest-now-decrypt-later attacks and has been tested interoperably with Cisco and Fortinet branch connectors. This brings post-quantum IPsec closer to Internet-scale deployment and supports Cloudflare’s goal of full post-quantum security by 2029.

AWS Leverages Nitro, Crypto, and S3 Lessons for AI/Quantum

🔒 AWS says long-standing infrastructure and cryptographic choices position it to address emerging AI and quantum threats. The company highlights the Nitro hardware platform — enabled by a 2015 semiconductor acquisition and deployed from 2017 — to provide strong isolation, confidential compute, and a 'zero humans' maintenance model. By favoring symmetric cryptography in KMS (launched 2013) and adding S3 controls like an 'active defense' that returns 'Bucket not found', AWS argues most customer data will not require immediate mass re-encryption while it pursues public-certificate post-quantum authentication by 2028–2029.

AWS Secrets Manager Enables Hybrid Post-Quantum TLS

🔐 AWS Secrets Manager now prefers hybrid post-quantum TLS (ML‑KEM) for supported clients to reduce harvest-now, decrypt-later risk. Customers using the listed clients and SDK versions can get ML‑KEM key exchange without code changes; secrets at rest remain encrypted with AWS KMS and symmetric algorithms are considered quantum-resistant. Verify client negotiation via CloudTrail tlsDetails.keyExchange == X25519MLKEM768 and check SDK/OpenSSL requirements (for example, OpenSSL 3.5+ for Python). CRYSTALS‑Kyber support is being phased out in 2026, so upgrades are recommended to avoid fallback to traditional TLS.

Fortinet 2025 Sustainability Report: Security and Impact

🔒 Fortinet released its 2025 Sustainability Report, outlining progress in securing the digital world, reducing environmental impact, expanding cybersecurity education, and strengthening governance. The company expanded AI-driven threat protection across its portfolio and introduced quantum-safe capabilities in FortiOS. It also improved product energy efficiency—up to a 62% reduction for select models—and has trained over 914,800 people toward its 1M goal.

Kyber Ransomware Uses Kyber1024 Post-Quantum on Windows

🔒 Rapid7 analyzed two Kyber ransomware variants discovered in March 2026 that were deployed on the same network: one targeting VMware ESXi and one targeting Windows file servers. The ESXi build advertises post‑quantum Kyber1024 but instead uses ChaCha8 for file encryption and RSA‑4096 for key wrapping. The Windows variant, written in Rust, implements Kyber1024 and X25519 to protect symmetric keys while using AES‑CTR for bulk file encryption, and includes destructive routines such as service termination, backup deletion and an experimental Hyper‑V shutdown.

Building a Cryptographic Inventory for Quantum Readiness

🔐 Post-quantum cryptography is imminent, and Microsoft emphasizes that the biggest challenge is locating every use of cryptography across applications, devices, networks, and services. Building a comprehensive, ongoing cryptographic inventory enables risk-based decisions, crypto agility, and regulatory compliance. The article outlines a practical Cryptography Posture Management lifecycle and recommends Microsoft tools—GitHub Advanced Security, Defender suites, Azure Key Vault—and partner integrations to discover, normalize, assess, prioritize, and remediate cryptographic risks.

AWS Secrets Manager Adds Hybrid Post‑Quantum TLS Support

🔐 AWS Secrets Manager now supports hybrid post-quantum TLS key exchange using ML-KEM (a module-lattice-based KEM) to secure secret retrieval. The capability is automatically enabled in Secrets Manager Agent (v2.0.0+), Lambda Extension (v19+), and Secrets Manager CSI Driver (v2.0.0+); supported SDKs include Rust, Go, Node.js, Kotlin, Python (OpenSSL 3.5+), and Java v2 (v2.35.11+). No code or configuration changes are required for up-to-date clients except Java v2. You can verify hybrid key exchange in CloudTrail GetSecretValue events by checking the tlsDetails field for the X25519MLKEM768 algorithm.

World Quantum Day 2026: Preparing for PQC Migration

🛡️ Quantum computing is moving from theoretical risk to an imminent threat that undermines current cryptographic protections. Advances in algorithms and reduced qubit requirements mean timelines once measured in decades are now years, prompting Gartner in late 2025 to elevate Post-Quantum Cryptography migration to a board-level priority ahead of 2030. Organizations must inventory sensitive assets, prioritize store-now-decrypt-later risks, and begin crypto-agility planning immediately.

Cloudflare Actively Adjusts Post-Quantum Priorities

🔐 Cloudflare says it is “actively adjusting” its post-quantum cryptography priorities after Google moved its PQC migration deadline up to 2029, citing algorithmic advances. The company reports that more than half of its traffic is already protected against harvest-now/decrypt-later using ML-KEM (a PQC standard ratified in 2024), and plans to deploy post-quantum certificates in 2027 to guard against active attacks. Bas Westerbaan noted Google demonstrated a breakthrough with a zero-knowledge proof while withholding key details.

Cloudflare Targets Full Post-Quantum Security by 2029

🔒 Cloudflare is accelerating its post-quantum roadmap and now targets 2029 to achieve full post-quantum security, explicitly including post-quantum authentication. The company already enabled post-quantum encryption for the majority of human traffic to mitigate harvest-now/decrypt-later risks, but new algorithmic and hardware advances (notably Google’s reported speedups and Oratomic’s neutral-atom estimates) make authentication the urgent priority. Cloudflare will enable PQ defaults for customers at no extra cost.

FortiOS 8.0: Unified Security for AI and Quantum Era

🔒 FortiOS 8.0 delivers a unified operating system to simplify security and networking across hybrid, multi-cloud, and IT/OT environments. The release consolidates controls through the Fortinet Security Fabric and adds features such as SASE Outpost, Sovereign SASE, unified SD‑WAN, and multipath IPsec for resilient connectivity. It also extends OT support and compliance with standards like NERC CIP and IEC 62443. Key risk-focused updates include MCP observability, image OCR in FortiGuard DLP, agentic AI automation, and FIPS 204/205 hybrid cryptography to mitigate quantum risk.

Google Aims to Shift to Post-Quantum Cryptography by 2029

🔒 Google announced a plan to complete a transition to post-quantum cryptography across its services by 2029. Security expert Bruce Schneier welcomes the decision, arguing the primary benefit is improved crypto-agility rather than an imminent quantum threat. The timeline allows Google to test implementations, assess performance and interoperability impacts, and coordinate with evolving standards. Early adoption can reduce the risk of retrospective decryption and signals leadership that may accelerate broader industry migration.

Turing Award Honors Inventors of Quantum Cryptography

🔬 Charles Bennett and Gilles Brassard have been awarded the 2026 Turing Award for inventing quantum cryptography. Bruce Schneier welcomes the recognition but reiterates his view that, while scientifically impressive, the technology is largely unnecessary for most practical security problems. In a 2008 essay, he argued that quantum key exchange doesn’t address the usual weak points of systems and that effort is better spent on system-level security and crypto agility.

Google Warns: Quantum Threat to Encryption by 2029

🔒 Google warns that advances in quantum computing could render widely used public-key cryptography vulnerable as early as 2029, increasing the risk of store-now-decrypt-later attacks. The company points to progress in quantum hardware, error correction and factoring resource estimates that compress migration timelines. To reduce exposure, Google will include post-quantum digital signature protection in Android 17, aligned with NIST recommendations. It urges organizations to treat post-quantum cryptography migration as an immediate operational priority rather than a distant compliance task.

Google Accelerates Post-Quantum Migration Deadline to 2029

🔒 Google announced it is accelerating its post-quantum cryptography migration, setting 2029 as the new target to phase out quantum-vulnerable algorithms and prioritizing PQC for authentication services. The company cites rapid improvements in quantum hardware, error correction and algorithmic estimates that drastically reduce the qubit requirements to break common asymmetric encryption. Google urged other engineering teams and hyperscalers to follow suit, warning that adversaries may already be collecting encrypted data for future decryption.

ThreatsDay Bulletin: PQC Push, AI Bugs, Pirated Backdoors

🔔 This week’s ThreatsDay Bulletin captures a quieter, sneakier cadence: big-picture progress on cryptography and AI set against a steady churn of pragmatic abuse. Google accelerated a PQC migration to 2029 and GitHub is bringing AI-powered detections into the PR workflow, while threat actors keep innovating around trust — using pirated ISOs, fake extensions, firmware implants and clever phishing to scale backdoors, credential theft and fraud. The common thread is operational efficiency: takedowns and disruptions are temporary, but the workflows keep returning.

Android 17 Adopts NIST Post-Quantum Standards Platform

🔒 Google is introducing post-quantum cryptography support in Android 17, integrating NIST’s lattice-based standards into boot, keystore, and app signing to establish a quantum-resistant chain of trust. The release adds ML-DSA to Android Verified Boot and migrates KeyMint certificate chains and Remote Attestation toward PQC compliance. Developers gain native support for ML-DSA-65 and ML-DSA-87 via the KeyPairGenerator API, and Google Play will offer hybrid APK signing with keys managed by Google Cloud KMS to preserve compatibility during migration.

Google Sets 2029 Timeline for Post-Quantum Migration

🔐 Google announces a company-wide timeline targeting 2029 for migration to post-quantum cryptography (PQC) to protect against future quantum threats. The timeline reflects advances in quantum hardware, error correction, and factoring estimates, and prioritizes PQC for authentication services to guard digital signatures. Google cites ongoing integrations — including Android 17 using ML-DSA, Chrome support, and Cloud offerings — as concrete commitments and urges other teams and organizations to accelerate their own migrations.