The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. 

The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek.

The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests.

The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.

Reuters reports that Charles Lieber, the former Harvard scientist convicted of lying to U.S. authorities about payments and ties to China, is now leading China's state-funded i-BRAIN lab in Shenzhen, where he has access to advanced nanofabrication tools and primate research facilities for brain-computer interface work. From the report: Charles Lieber, 67, is among the world's leading researchers in brain-computer interfaces. The technology has shown promise in treating conditions such as ALS and restoring movement in paralyzed patients. But it also has potential military applications: Scientists at China's People's Liberation Army have investigated brain interfaces as a way to engineer super soldiers by boosting mental agility and situational awareness, according to the U.S. Defense Department. Lieber was found guilty by a jury and convicted in December 2021 of making false statements to federal investigators about his ties to a Chinese state program to recruit overseas talent, and tax offenses related to payments he received from a Chinese university. He served two days in prison and six months under house arrest, and was fined $50,000 and ordered to pay $33,600 in restitution to the Internal Revenue Service. During the case, his defense said he was suffering from an incurable lymphoma, which was in remission, and he was fighting for his life. Three years after he was sentenced, Reuters has learned that Lieber is now overseeing China's state-funded i-BRAIN, or the Institute for Brain Research, Advanced Interfaces and Neurotechnologies, with access to dedicated nanofabrication equipment and primate research infrastructure unavailable to him at Harvard. The lab is an arm of the Shenzhen Medical Academy of Research and Translation, or SMART. "I arrived on April 28, 2025 with a dream and not much more, maybe a couple bags of clothes," Lieber said of his move to China at a Shenzhen government conference in December. "Personally, my own goals are to make Shenzhen a world leader." SMART last year appointed Lieber as an investigator, according to a post on i-BRAIN's website dated May 1, 2025. That news was covered by some media outlets. The same day, i-BRAIN said Lieber had also been appointed its founding director -- an announcement that went unreported at the time. This story is the most comprehensive account of Lieber's activities since he moved to China. Reuters is reporting for the first time that his lab has access to dedicated primate research facilities and chip-making equipment; that it sits within a sprawling ecosystem of state-backed institutions bankrolled by billions of dollars in government funding; and that it is housed within an institution that is luring top scientific talent back from the United States.

Read more of this story at Slashdot.

On Tuesday, Zambia’s Minister of Technology and Science offered the first hint that the conference would be cancelled, telling a Zambian news outlet that participants’ security clearances were incomplete and that the government has concerns about the conference’s “dialogue.”

The aim of the campaigns was to steal credentials and likely enable “follow-on operations in the interest of the Chinese government,” the report said.

A member of Silk Typhoon, Xu Zewei is accused of launching cyberattacks against universities in the US.

The post Alleged Chinese State Hacker Extradited to US appeared first on SecurityWeek.

A Chinese national allegedly involved in a massive, pandemic-era attack spree that compromised nearly 13,000 U.S. organizations was extradited from Italy to the United States and formally charged in federal court, the Justice Department said Monday.

Xu Zewei and his co-conspirators are accused of exploiting a string of zero-day vulnerabilities in Microsoft Exchange Server to steal research on COVID-19 vaccines, treatment and testing during the initial wave and subsequent height of the pandemic.

His alleged crimes, directed by China’s intelligence services, were part of a broader espionage campaign known as HAFNIUM, which targeted infectious disease experts, law firms, universities, defense contractors and policy think tanks, according to an indictment filed against Xu and Zhang Yu, who remains at large. 

The China state-sponsored threat group behind those attacks against Microsoft customers, and many other vendors’ customers since, is now more widely known as Silk Typhoon.

“Xu will now answer for his alleged role in HAFNIUM, a group responsible for a vast intrusion campaign directed by China’s Ministry of State Security that compromised more than 12,700 U.S. organizations,” Brett Leatherman, assistant director of the FBI’s Cyber Division, said in a statement.

“He is one of many contractors the Chinese government uses to obscure its hand in cyber operations, and others who do the same face the same risk,” he added.

Xu allegedly committed the attacks while working for Shanghai Powerock Network, one of many companies that conducted attacks for China’s various intelligence services, according to court records.

Italian authorities arrested Xu at the United States’ request in Milan in July. His capture underscores a window of opportunity U.S. officials and allies can take when nation-state attackers travel to countries that cooperate with the United States.

Italy extradited Xu to the United States Saturday but didn’t release his extradition orders until Monday, Simona Candido, his attorney in Italy, told CyberScoop.

Officials said Monday marked Xu’s first appearance in the U.S. District Court for the Southern District of Texas. He is currently being held at a federal prison in Houston.

“We have pursued this moment across years and continents, and the message this office sends today is the same one we sent when we first unsealed this indictment: we will work to protect the American people,” John G.E. Marck, acting U.S. attorney for the Southern District of Texas, said in a statement.

Xu allegedly worked under the direction of China’s Ministry of State Security’s Shanghai State Security Bureau to break into U.S. organizations’ networks, steal data and implant webshells for persistent remote access. Officials also accuse Xu of stealing information regarding U.S. policymakers and government agencies from a global law firm with offices in Washington. 

Microsoft first warned customers about the HAFNIUM campaign in March 2021. The FBI and Cybersecurity and Infrastructure Security Agency followed soon after with a joint advisory about the widespread compromise of Microsoft Exchange Server. 

“Today’s law enforcement action demonstrates the real-world consequences of this state-led activity, which is fueled by a vast network of private companies operating under the direction of the Chinese government,” Aaron Shraberg, senior team lead of global intelligence at Flashpoint, told CyberScoop.

“Extraditing these individuals from countries in coordination with international law enforcement demonstrates a united stance on these actions, and the importance of bringing real-world consequences to China’s notorious targeting of not just the American people and their businesses, but individuals globally as well,” Shraberg added.

Xu is charged with conspiracy to commit wire fraud; two counts of wire fraud; conspiracy to cause damage to and obtain information by unauthorized access to protected computers, to commit wire fraud, and to commit identity theft; two counts of obtaining information by unauthorized access to protected computers; two counts of intentional damage to a protected computer; and aggravated identity theft. 

The 34-year-old faces up to 62 years in prison for his alleged crimes.

The post Chinese national extradited to US for pandemic-era Silk Typhoon attacks appeared first on CyberScoop.

The Trump administration is vowing to crack down on foreign tech companies’ exploitation of U.S. artificial intelligence models.

The post Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US appeared first on SecurityWeek.

A state-sponsored hacking group has implanted a custom backdoor on Cisco network security devices that can survive firmware updates and standard reboots, U.S. and British cybersecurity authorities disclosed Thursday, marking a significant escalation in a campaign that has targeted government and critical infrastructure networks since at least late 2025.

The Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre jointly published a malware analysis report identifying the backdoor, code-named Firestarter. Cisco’s threat intelligence division, Talos, attributed the malware to a threat actor it tracks as UAT-4356. The company attributed the same group to a 2024 espionage campaign called ArcaneDoor, which focused on compromising network perimeter devices.

CISA confirmed it discovered Firestarter on a U.S. federal civilian agency’s Cisco Firepower device after identifying suspicious connections through continuous network monitoring. The finding prompted an updated emergency directive issued Thursday, requiring all federal civilian agencies to audit their Cisco firewall infrastructure and submit device memory snapshots for analysis by Friday.

A backdoor that outlasts patches

The central concern driving the updated directive is the attack group’s ability to persist on compromised devices, even after enterprises applied security patches Cisco released in September 2025. Those patches addressed two vulnerabilities — CVE-2025-20333, a remote code execution flaw in the VPN web server component, and CVE-2025-20362, an unauthorized access vulnerability — that UAT-4356 exploited to gain initial entry. According to CISA, devices compromised before patching may still harbor the implant.

Firestarter allows attackers to achieve persistence by manipulating the Cisco Service Platform mount list, a configuration file that governs which programs execute during the device’s boot sequence. When the device receives a termination signal or enters a reboot, the malware copies itself to a secondary location and rewrites the mount list to restore and relaunch itself after the system comes back online. 

Critically, a standard software reboot does not remove the implant. Only a hard reboot — physically disconnecting the device from its power supply — is sufficient to clear the persistence mechanism from memory, according to both CISA and Cisco.

From there, the malware injects malicious shellcode into LINA, the core networking and firewalling code of Cisco’s Adaptive Security Appliance and Firepower Threat Defense software. Once embedded, the malware intercepts a specific type of network request normally used for VPN authentication. When a request arrives containing a hidden trigger sequence, it executes code supplied by the attackers, giving them a backdoor into the device.

Ties to ongoing campaign

Cisco Talos noted that Firestarter shares significant technical similarities with a previously documented implant called RayInitiator, suggesting the tools share a common origin or development history within UAT-4356’s arsenal.

In the federal agency incident analyzed by CISA, the attackers first deployed a separate implant, called Line Viper, to gain access to device configurations, credentials, and encryption keys. Firestarter was installed shortly after, prior to Cisco’s September 2025 patches being applied to those specific devices. When the agency patched its systems, Firestarter stayed on the devices, and the actors used it to then redeploy Line Viper in March, nearly six months after the initial breach.

Cisco and CISA did not attribute the espionage attacks to a specific nation state, but Censys researchers previously said it found compelling evidence indicating a threat group based in China was behind the ArcaneDoor campaign. Censys noted it found evidence of multiple major Chinese networks and Chinese-developed anti-censorship software during its investigation into the early 2024 attacks.

The persistence vulnerability affects a broad range of Cisco hardware, including the Firepower 1000, 2100, 4100, and 9300 series, as well as the Secure Firewall 1200, 3100, and 4200 series.

Cisco has released updated software to address the persistence mechanism, though the company strongly recommends reimaging affected devices rather than relying solely on software updates where compromise is suspected.

The incident reflects a pattern increasingly seen among state-linked hackers: targeting the network edge devices that organizations rely on to enforce security boundaries. Because these appliances sit at the perimeter of enterprise and government networks, compromising them can expose internal traffic and give attackers a position to intercept credentials and communications.

CISA acknowledged active exploitation of the underlying vulnerabilities was ongoing at the time of publication.

A Cisco spokesperson told CyberScoop that customers needing assistance should contact Cisco Technical Assistance for support. CISA did not respond to a request for comment. 

The post US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied appeared first on CyberScoop.

Campaigns employing commercial surveillance vendors tracked targets by exploiting mobile phone network vulnerabilities in what researchers said Thursday was the first-ever linking of “real-world attack traffic to mobile operator signalling infrastructure.”

The two unknown parties behind the campaigns mimicked the identities of mobile phone operators with customized surveillance tools, and manipulated signaling protocols and steered traffic through network pathways to hide, according to research from the University of Toronto’s Citizen Lab.

“Our findings highlight a systemic issue at the core of global telecommunications: operator infrastructure designed to enable seamless international connectivity is being leveraged to support covert surveillance operations that are difficult to monitor, attribute, and regulate,” a report published Thursday reads.

“Despite repeated public reporting, this activity continues unabated and without consequence,” Gary Miller and Swantje Lange wrote for Citizen Lab. “The continued use of mobile networks, built on a close inter-operator trust model and relied upon by users worldwide, raises broader questions for national regulators, policymakers, and the telecom industry about accountability, oversight, and global security.”

The attackers relied on identifiers and infrastructure associated with operators around the world, including networks based in Cambodia, China, the self-governing Island of Jersey, Israel, Italy, Lesotho, Liechtenstein, Morocco, Mozambique, Namibia, Poland, Rwanda, Sweden, Switzerland, Thailand, Uganda and the United Kingdom.

They shifted between SS7 and Diameter protocols, the signalling protocols known for 3G and 4G/most of 5G, respectively, according to the report. While Diameter was meant to be more secure than SS7, the Federal Communications Commission in 2024 opened a probe into both its vulnerabilities and SS7’s, and Sen. Ron Wyden, D-Ore., has asked for a Cybersecurity and Information Security Agency report about telecommunications vulnerabilities rooted in both protocols.

But identifying the vendors used in the two surveillance campaigns, or who was behind them, was beyond the researchers’ reach.

“The reality is that there are a number of known surveillance vendors and bad actors in this space, but given the opaque nature of telecommunications signalling protocols, those vendors are able to operate without revealing exactly who they really are,” Ron Deibert, director of Citizen Lab, wrote in his newsletter. “Much of the malicious things they are doing blend into the otherwise voluminous flow of billions of normal messages and roaming signals. They are ‘ghost operators’ within the global telecom ecosystem.”

One of the operators mentioned in Citizen Lab’s report, Israel-based 019 Mobile, wrote back that it didn’t recognize the hostnames referenced in the report as 019 Mobile’s network nodes, and couldn’t attribute the signaling activity it represents to 019 Mobile-operated infrastructure.

Another operator, Sure, said it has taken preventative measures to defend against misuse.

“Sure acknowledges that digital services can be misused, which is why we take a number of
steps to mitigate this risk,” CEO Alistair Beak said in a statement to CyberScoop. “Sure has implemented several protective measures to prevent the misuse of signalling services, including monitoring and blocking inappropriate signalling. Any evidence or valid complaint relating to the misuse of Sure’s network results in the service being immediately suspended and, where malicious or inappropriate activity is confirmed following investigation, permanently terminated.”

019 Mobile and a third operator, Tango Networks UK, didn’t respond to requests for comment from CyberScoop. The Citizen Lab report afforded some grace to the operators.

“It is important to note that the operator signalling addresses observed in the attacks do not necessarily imply direct operator involvement,” it states. “In some cases, access to the signalling ecosystem can be obtained through third-party providers, commercial leasing arrangements, or other intermediary services that allow actors to send messages using operator identifiers from legitimate networks.”

Updated 4/24/26: to include quote from Alistair Beak.

The post Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities appeared first on CyberScoop.

U.S. and international government agencies warned Thursday about a “widespread shift” in Chinese hacker methods toward the use of large-scale covert networks that compromise common devices to carry out a variety of attacks.

The advisory details how those networks work, and defensive steps organizations should take.

“Over the past few years there has been a major shift in the tactics, techniques and procedures (TTPs) used by China-nexus cyber actors, moving away from the use of individually procured infrastructure, and towards the use of externally provisioned, large-scale networks of compromised devices,” the warning reads.

The U.K. National Cyber Security Centre, Cybersecurity and Infrastructure Security Agency, National Security Agency, FBI and agencies from Australia, Canada, Germany, Netherlands, New Zealand, Japan, Spain and Sweden joined forces on the advisory.

It says that “multiple covert networks have been created and are being constantly updated, and that a single covert network could be being used by multiple actors. These networks are mainly made up of compromised Small Office Home Office (SOHO) routers, as well as Internet of Things (IoT) and smart devices.”

It continues: “Covert networks are used to connect across the internet in a low-cost, low-risk, deniable way, disguising the origin and attribution of malicious activity.”

Chinese information security companies create and support the networks, evidence suggests, according to the agencies. Hackers use the networks for reconnaissance, malware delivery and stealing information, they said.

Examples of the use of covert networks include activities from groups known as Volt Typhoon to pre-position on U.S. critical infrastructure, and Flax Typhoon to conduct cyber espionage.

An example of a covert network is the botnet Raptor Train, which infected 200,000 devices worldwide. The networks are large, constantly evolving and with new ones being developed constantly.

At a speech this week, NCSC CEO Richard Horne said “we know that China’s intelligence and military agencies now display an eye-watering level of sophistication in their cyber operations.”

Defenses against covert networks aren’t “straightforward,” according to the advisory, but include an assortment of common good cybersecurity practices. The largest and most at-risk organizations should engage in active hunting, tracking and mapping covert networks, using threat reporting to create blocklists and more.

“Working closely with U.S. and international partners, CISA continues to identify and warn organizations of Chinese state-sponsored cyber actors threatening critical infrastructure,” CISA Acting Director Nick Andersen said Thursday. “This advisory informs organizations of how these actors are strategically using numerous, evolving covert networks at scale for malicious cyber activity.”

The post A dozen allied agencies say China is building covert hacker networks out of everyday routers appeared first on CyberScoop.

360 Digital Security Group claims to have uncovered 1,000 vulnerabilities using AI, including at the Tianfu Cup hacking contest.

The post Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos appeared first on SecurityWeek.

CATL unveiled a new wave of EV battery tech, "including a lighter battery pack rated for a 1,000-km (621-mile) driving range and an upgraded fast-charging battery that can go from 10 percent to 98 percent in under seven minutes," reports Interesting Engineering. From the report: The launches were made during a 90-minute event in Beijing ahead of the Beijing Auto Show, where automakers are expected to showcase next-generation EVs and connected technologies. CATL said its latest Qilin battery -- a high-energy-density pack often paired with nickel manganese cobalt (NMC) cells for long range and improved space efficiency -- can deliver a 1,000-km (621-mile) driving range. It is designed to deliver long range while reducing battery pack weight. The company said the product is aimed at automakers facing tighter efficiency rules in China and other markets. It also rolled out an upgraded Shenxing battery -- CATL's fast-charging lithium iron phosphate (LFP) pack -- that targets one of the biggest barriers to EV adoption: charging time. CATL said the pack can recharge from 10 percent to 98 percent in less than seven minutes. The new Shenxing battery marks a significant improvement over CATL's previous version, which charged from 5 percent to 80 percent in 15 minutes, according to Financial Times. [...] The company also announced plans to begin mass delivery of sodium-ion batteries in the fourth quarter. Sodium-ion technology is seen as a lower-cost alternative that could reduce dependence on lithium, cobalt, and nickel.

Read more of this story at Slashdot.

Masquerading as popular cryptocurrency wallets, the apps can hijack recovery phrases and private keys.

The post Dozens of Malicious Crypto Apps Land in Apple App Store appeared first on SecurityWeek.

National Cyber Director Sean Cairncross expects more executive orders coming from the White House as part of implementing the national cybersecurity strategy, he said Wednesday.

Staffers on Capitol Hill and others in the cyber world have been awaiting the implementation guidance the Trump administration had proclaimed would come to accompany the strategy  published last month.

Asked at a Semafor event about whether that would include executive orders, Cairncross answered, “I think that that’s the case.”

The administration released an executive order on fraud the same day it released its cyber strategy on March 6. Some of that order touched on cybercrime.

“This is rolling forward actively, and you should expect that there will be more execution and action in line with our strategic goals,” he said.

Cairncross cited another administration activity that fit into the strategy, such as the first conviction last week under the Take It Down Act, a law First Lady Melania Trump advocated for that seeks to combat non-consensual AI-generated sexually explicit images, violent threats and cyberstalking.

He declined to preview any future implementation plans, and said he expected they would be coming “relatively soon.”

A centerpiece of the administration strategy is confronting adversaries to make sure they suffer consequences for their hacking of United States targets.

Cairncross wouldn’t say explicitly if Trump, in his visit to Beijing next month, would address Chinese hacking.

“When we start to see things like prepositioning on critical infrastructure, that is something that needs to be addressed,” he said. Pressed on whether that meant cyber would be on the agenda during the visit, Caincross said, “I would expect that the safety and security of the American people will be first and foremost, as it always is for the president.”

Cairncross touted American ingenuity for producing an artificial intelligence model like Anthropic’s Claude Mythos, rather than it developing under U.S. cyber rivals like China or Russia. He acknowledged reports about the administration holding meetings about the cyber risks and benefits of something like Mythos — “the model right now that everyone’s talking about” — adding that the administration is looking to balance the dangers and positive capabilities of AI in cyberspace.

“I would say from the White House perspective, we are working very closely with industry,” Cairncross said. “We’ve been in close collaboration with the model companies across the interagency to make sure that we are evaluating and doing this.”

The post Executive orders likely ahead in next steps for national cyber strategy appeared first on CyberScoop.

On March 23, the Senate confirmed Senator Markwayne Mullin as the next homeland security secretary, marking an important step in strengthening leadership during a critical moment for our nation’s security.

But only half of the job is done.

The Cybersecurity and Infrastructure Security Agency (CISA), the federal government’s main civilian cyber defense agency, still lacks a Senate-confirmed director. As global cyber threats escalate,  this prolonged leadership gap poses a growing national security risk.

As Executive Director of the National Technology Security Coalition (NTSC), I represent Chief Information Security Officers who are responsible for protecting the systems that sustain America’s economy and critical infrastructure. In every sector, energy, healthcare, financial services, manufacturing, and transportation, there is a common concern: the threat landscape is growing more aggressive, and our defenses must stay ahead.

Our enemies are not waiting.

Since the start of the conflict with Iran, cybersecurity experts have reported increased malicious cyber activity targeting U.S. and allied systems. Iran-linked actors have shown their ability to disrupt operations and exploit vulnerabilities. Meanwhile, China continues its long-term effort to infiltrate American networks and position itself for possible disruption of critical infrastructure. Russia and its affiliated groups remain persistent, probing Western systems for weaknesses and exerting constant pressure.

This is the reality of modern conflict. Cyber operations have emerged as a primary domain of competition. In some cases, they can rival the effects of traditional military action, disrupting economies, communications, and public safety through code alone. 

Leadership is important in this environment.

CISA plays a key role in coordinating federal cyber defense, sharing threat intelligence with the private sector, and supporting state and local governments. It serves as the link between government and industry in protecting the nation’s digital infrastructure. Without a Senate-confirmed director, the agency’s ability to set priorities, coordinate efforts, and respond quickly is limited.

That challenge is growing more urgent. The President’s fiscal year 2027 budget plan proposes significant cuts to CISA’s funding. At a time when the agency faces increasing operational pressure, fewer resources make strong, steady leadership even more crucial.

This is the moment when Secretary Mullin’s leadership is critical.

As a former member of the Senate, Secretary Mullin understands the institution, its dynamics, and how to build consensus. He is uniquely positioned to connect with past colleagues and help advance Sean Plankey’s nomination as Director of CISA.

Plankey is highly qualified and widely respected in the cybersecurity community. His experience in the U.S. Coast Guard, at the Department of Energy securing the nation’s energy infrastructure, and in the private sector provides him with a clear understanding of both the threat landscape and the importance of public-private collaboration. At a time when coordination between government and industry is vital, these qualities are essential.

The Senate has already signaled that it takes cyberthreats seriously. It recently confirmed Lt. Gen. Joshua Rudd to lead U.S. Cyber Command and serve as director of the National Security Agency, ensuring strong leadership of America’s military cyber defense team.

Now it needs to do the same on the civilian side.

Confirming Plankey matters because the country’s main civilian cyber defense agency needs established leadership to combat adversaries who are already inside our networks, probing our systems, and preparing for the next phase of conflict.

The leadership gap at CISA has gone on long enough.

Secretary Mullin must engage. The Senate needs to act. And Sean Plankey should be confirmed without further delay.

America’s cyber defenses depend on it.

Chris Sullivan is the executive director of the National Technology Security Coalition, a nonprofit, non-partisan organization that serves as an advocacy voice for chief information security officers across the nation.

The post Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey appeared first on CyberScoop.

When Google announced last month it was moving up its own internal timeline for migrating to quantum-resistant forms of encryption, it started a broader conversation in the cybersecurity and cryptography communities: Just what was pushing one of the largest tech companies in the world to significantly accelerate its adoption of post-quantum protections for its systems, devices and data?

In the weeks since, new research has lended weight to those claims. A joint research paper from the California Institute of Technology, its tech startup Oratomic and the University of California concluded that technological advancements in neutral atom arrays indicate a quantum computer capable of breaking classical encryption may require as few as 10,000 quantum bits (or qubits), not millions as previously thought.

Qian Xu, a CalTech researcher and coauthor of the paper, said the findings are significant and indicates that such a computer could potentially be operational by the end of the decade.

“For decades, qubit count has been viewed as the main obstacle to fault-tolerant quantum computing,” Xu said in a statement. “I hope our work helps shift that perspective.”

Google’s Quantum AI division released its own research paper around the same time, outlining a twenty-fold decrease in the number of physical qubits believed to be needed to break some of the most popular forms of 256-bit elliptic curve encryption algorithms used to currently protect cryptocurrencies.

“We note that while viable solutions like [post-quantum cryptography] exist, they will take time to implement, bringing increasing urgency to act,” wrote Ryan Babbush, director of research and Hartmut Neven, vice president of engineering at Google.

Google’s decision to accelerate its shift to post-quantum encryption reflects a growing consensus.  Over the past year, CyberScoop has heard similar concerns from tech and government officials, typically centered on two quantum-related threats facing governments and businesses today.

One is the capability of foreign nations and cybercriminals to collect sensitive, encrypted data today in the hopes of breaking it later with a quantum computer. This “harvest now, decrypt later” technique is one of the main reasons proponents push for faster adoption of post-quantum encryption.

The second stems from a string of notable quantum computing breakthroughs over the past two years, many led by researchers in China.

Andrew McLaughlin, chief operating officer for SandboxAQ, a Software-as-a-Service company that focuses AI and quantum computing technologies, said concerns can be summed up as “hardware, math and China.

Advancements in areas like neutral atom arrays have given scientists more powerful hardware, while breakthroughs in mathematics like that in the Google research paper have found ways to use that hardware more efficiently. 

But he also pointed to what he described as exciting (and worrying) advancements in the field from some of America’s greatest international rivals.

Beijing has invested heavily in quantum computing, empowering top scientists like Pan Jianwei, a professor at China’s University of Science and Technology, with the resources and support to push the boundaries of technological development and position China as a world leader in quantum science.

Late last year, Chinese state media reported that Huanyuan 1, a 100-qubit quantum computer developed by researchers at Wuhan University on a Chinese government grant program, had been approved for commercial use. The reports claim that orders worth more than 40 million yuan (or $5.6 million dollars) have already been processed in sales, including to subsidiaries at domestic telecom China Mobile and the government of Pakistan.

Experts say quantum computers pose a potentially exceptional threat to blockchain-based cryptocurrencies.

Nathaniel Szerezla, chief growth officer at Naoris Protocol, a company that develops quantum-resistant encryption for blockchain infrastructure, said the paper from Oratomic and Caltech has “shifted the timeline” for planning around quantum encryption, particularly for cryptocurrency and blockchain platforms.

The underlying assumption was a “fault tolerant” quantum computer (i.e. one capable of threatening classical encryption) would require millions of qubits, but the paper suggests that it may actually only need as few as 10,000 qubits.

“Ultimately, we have gone from planning for a threat two decades out to one that overlaps with systems actively being deployed and funded,” Szerezla said.

For digital assets like cryptocurrency, the implications are “immediate” because the private key encryption underpinning billions of dollars on the blockchain were never designed to withstand attacks from a quantum computer.

“Migrating a live blockchain to post-quantum standards is a different problem entirely from upgrading a centralized system,” Szerezla continued. “You are dealing with immutable ledgers, billions in locked liquidity, and decentralized governance that cannot mandate a coordinated upgrade.”

Not everyone believes that we are on the cusp of a quantum hacking apocalypse.

On BlueSky Matthew Green, a computer science professor and cryptography expert at Johns Hopkins University, called the Google and Oratomic papers a good “precautionary” analysis of the long-term challenge of quantum encryption.

However, he expressed skepticism that quantum computing had enough “lucrative immediate applications” to push the field beyond its foundational research stage to more practical applications. He also questioned whether some of the newer quantum-resistant algorithms vetted by NIST would truly stand up to a real quantum computer. They were designed to protect against a threat that is still largely theoretical, and several of the post-quantum algorithms initially evaluated by NIST have turned out to contain vulnerabilities that could be exploited by classical computers.

That’s if one does indeed arrive in the next decade. Green said this week that he’s not convinced quantum-enabled hacks will be something to worry about in his lifetime, though he acknowledged that prediction might “haunt him” someday.

Nevertheless, “I’d bet huge amounts of money against a relevant quantum computer by 2029 or even 2035,” he wrote.

The post Why is the timeline to quantum-proof everything constantly shrinking? appeared first on CyberScoop.

Longtime Slashdot reader walterbyrd shares a report from Fuel Cells Works: China says the AEP100, a megawatt-class hydrogen-fueled turboprop engine developed by the Aero Engine Corporation of China, has completed its maiden flight on a 7.5-ton unmanned cargo aircraft in Zhuzhou, Hunan. The 16-minute test covered 36km at 220km/h and 300 meters altitude, with the aircraft returning safely after completing its planned maneuvers. State media described it as the world's first test flight of a megawatt-class hydrogen-fueled turboprop engine. [...] The Aero Engine Corporation of China (AECC) says the result shows China now has a full technical chain for hydrogen aviation engines, from core parts to system integration, which is the kind of capability needed before any industrial rollout can begin. You can watch a video of the test flight here.

Read more of this story at Slashdot.

A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.

The post TrueConf Zero-Day Exploited in Asian Government Attacks appeared first on SecurityWeek.

President Donald Trump’s fiscal 2027 budget would slash the Cybersecurity and Infrastructure Security Agency’s total by $707 million, according to a summary released Friday, which would deeply chop down an agency that already took a big hit in Trump’s first year.

Another budget document suggests a smaller — but still substantial — hit of $361 million, with the discrepancy possibly due to the comparison points amid budget uncertainty for CISA’s parent agency, the Department of Homeland Security. DHS and CISA did not immediately respond to a request for clarification.

“At the time the Budget was prepared, the 2026 appropriations bill for the Department of Homeland Security was not enacted, and funding provided by the last continuing resolution it had been operating under (Continuing Appropriations Act, 2026, division A of Public Law 119-37, as amended by division H of Public Law 119-75) had lapsed,” the budget summary notes. “References to 2026 spending in the text and tables for programs and activities normally provided for in the full-year appropriations bill reflect the annualized level provided by the last continuing resolution.”

By either measurement, the proposed budget would cut deeply into an agency that started the Trump administration at roughly $3 billion, and would be substantially below that if Congress enacts the latest blueprint. The budget appendix says CISA would end up with slightly more than $2 billion in discretionary funding under Trump’s plan. For fiscal 2026, appropriators sought to mitigate some of Trump’s proposed CISA reductions.

The 2027 budget summary recycles identical language from the 2026 budget summary, and makes references to ending programs that CISA has already shuttered.

“The Budget refocuses CISA on its core mission — Federal network defense and enhancing the security and resilience of critical infrastructure — while eliminating weaponization and waste,” the summary states in both the 2026 and 2027 documents.

It makes references to getting rid of things that have already been cut, like “external engagement offices such as council management, stakeholder engagement, and international affairs.” It talks about ending programs focused on censorship, something CISA under the Biden administration said it never had, and on “so-called” misinformation, which CISA said it ended during the former president’s term.

Mississippi Rep. Bennie Thompson, the top Democrat on the House Homeland Security Committee, criticized the budget proposal for CISA.

“Like the President’s cyber strategy, the President’s CISA budget reflects his utter lack of understanding of the urgency of the cyber threats we face and how to mobilize the government to help confront them,” he said in a statement to CyberScoop. “As of 2023, CISA was spending $2 million on countering information operations, an effort initially launched at the behest of Congressional Republicans during the first Trump Administration.

“There is nothing that justifies a reckless $700 million cut to CISA, particularly at a time of heightened tensions with Iran and an increasingly aggressive China,” he continued. “I am committed to working with my colleagues to push back against these cuts and ensure we can protect government and critical infrastructure networks.”

The post Trump budget proposal would cut hundreds of millions more from CISA appeared first on CyberScoop.