QorTrace
QORTRACE THREAT RADAR · LIVE

The clock is
already ticking.

A live map of post-quantum and Web3 threats. Every signature you commit today is harvest-now-decrypt-later candy when fault-tolerant quantum arrives. Watch the threat surface — and the countdown — in real time.

Schedule Consult
ESTIMATED Q-DAY · 2028-10-03
817
DAYS
21
HRS
27
MIN
7
SEC
STATE OF THE ART
1,180
physical qubits
Atom Computing · Phoenix
Best logical: 24 q (Microsoft + Quantinuum)
HARVEST · NOW · DECRYPT · LATER
3,822,814,950
ECDSA signatures committed onchain (BTC + ETH)
BTC #— · ETH #25,485,434
SEE EXPOSED WALLETS →
WEEKLY THREAT BRIEFING · FREE
Tweet this view · CO
FILTERS · TAP TO TOGGLE LAYERS
NEWS_THEDEFIANTeToro Takes Strategic Stake in Onchain Derivatives Exchange Extended, Plans Zengo Tie-UpNEWS_THEDEFIANTBitMine Adds $73 Million in ETH, Pushing Holdings to 4.8% of SupplyNEWS_THEDEFIANTTether's Former CIO Heathcote Plans to Sell Equity StakeNEWS_THEDEFIANTNEAR Governance Votes to Scrap Developer Gas RebateNEWS_COINTELEGRAPHSecret Network cites AI exploit risks in proposed Arbitrum moveNEWS_COINTELEGRAPHCFTC charges commodity, crypto pool operator with $14M fraudNEWS_COINTELEGRAPHStrike launches ‘volatility-proof’ Bitcoin loans amid bear market, but at a costGHSAGHSA · pip/weblate · CVE-2026-50127GHSAGHSA · go/github.com/oasdiff/oasdiff · CVE-2026-53508GHSAGHSA · go/github.com/kedacore/keda/v2 · CVE-2026-53572GHSAGHSA · pip/Flask-Security-Too · GHSA-f66q-9rf6-8795GHSAGHSA · go/github.com/zhenorzz/goploy · CVE-2026-53553GHSAGHSA · go/github.com/zhenorzz/goploy · CVE-2026-53552GHSAGHSA · pip/ha-mcp · GHSA-q855-8rh5-jfgqGHSAGHSA · rust/rama · GHSA-cwv4-h3j5-w3cfGHSAGHSA · pip/aiosmtplib · CVE-2026-53533
FREE PQC SCAN · 1 PER DAY

Paste a wallet or contract address and we'll score its cryptographic exposure on a 0-100 scale. Free, no card, instant.

REGIONAL HOTSPOTS · 14d
NIST PQC STANDARDS
ML-KEM (Kyber)
FIPS 203 · Key Encapsulation
STANDARDISED
2024
ML-DSA (Dilithium)
FIPS 204 · Digital Signature
STANDARDISED
2024
SLH-DSA (SPHINCS+)
FIPS 205 · Hash-based Signature
STANDARDISED
2024
FN-DSA (Falcon)
FIPS 206 · Digital Signature
DRAFT (DIS)
2025
HQC
— · Backup KEM
SELECTED (2025)
2025
THREAT FEED · LAST 14 DAYS
8
kev
539
vendor
230
cve
1254
news
Sources: CISA Known Exploited Vulnerabilities catalog, NIST NVD CVE feed, GitHub Advisory Database, and curated cybersecurity + Web3 RSS feeds. Refreshed hourly.
MOST-TARGETED VENDORS · 30d
github
CVE 3 · GHSA 193
196
microsoft
KEV 2 · CVE 25 · GHSA 7
34
python
CVE 16 · GHSA 14
30
wordpress
CVE 30 · GHSA 0
30
java
CVE 16 · GHSA 13
29
linux
KEV 1 · CVE 7 · GHSA 10
18
joomla
KEV 2 · CVE 14 · GHSA 0
16
ibm
CVE 13 · GHSA 0
13
QUANTUM RACE · LEADERBOARD
IBM
Condor
1,121q
Atom Computing◉ SOTA
Phoenix
1,180q
USTC
Zuchongzhi 3.0
504q
Quantinuum
H2
56q
Google
Willow
105q
Microsoft + Quantinuum
Topological + ion-trap
56q
IonQ
Forte
64q
Rigetti
Ankaa-3
84q
PQC COMPLIANCE COUNTDOWN
DORA · Digital Operational Resilience Act
537d ago
2025-01-17 · EU
EU financial-sector firms must demonstrate operational resilience (incl. ICT third-party risk) — including cryptographic posture.
CNSA 2.0 · Software/Firmware
189d ago
2025-12-31 · US-NSA
NSA target for new National Security Systems software & firmware to start adopting CNSA 2.0 (Kyber, Dilithium, SHA-2) algorithms.
BSI TR-02102-1 · Crypto Recommendation Refresh
8d ago
2026-06-30 · DE-BSI
Annual BSI cryptographic-recommendation refresh — flagged deadline for hybrid (classical + PQC) roll-out in regulated DE.
CNSA 2.0 · Networking & VPN
541d
2027-12-31 · US-NSA
Networking, VPN, and key-management products on NSS networks should fully support CNSA 2.0 algorithms.
NIST SP 800-131A · Disallow RSA-2048 / ECDSA P-256
1637d
2030-12-31 · US-NIST
NIST recommended sunset for classical public-key crypto in federal systems — full PQC migration target.
CNSA 2.0 · Full PQC Adoption
2733d
2033-12-31 · US-NSA
All NSS systems must be using CNSA 2.0 PQC algorithms exclusively.
COMMUNITY PULSE · CURATED
@CISAgov
Reminder: NSA's CNSA 2.0 timeline is in effect. New software for NSS should now be adopting Kyber, Dilithium, and SHA-2.
@NIST
FIPS 203 (ML-KEM), 204 (ML-DSA) and 205 (SLH-DSA) are now the standards. Migration windows are short for high-value targets.
@matthew_d_green
Harvest-now-decrypt-later isn't a scenario, it's an active intelligence program. The ECDSA signatures you commit today are tomorrow's plaintext.
@hashedout
Bitcoin's quantum exposure isn't a 2040 problem. ~25% of circulating supply sits in P2PKH addresses with exposed pubkeys. Q-Day day-one targets.
@SchneierBlog
If your security architecture cannot survive the public release of CRYSTALS-Kyber breaks, you needed PQC yesterday.
@a16zcrypto
Wallet providers shipping PQC migration paths in 2026 will own the institutional custody narrative for the next decade.
LATEST ADVISORIES
NEWS_THEDEFIANT · INFO
eToro Takes Strategic Stake in Onchain Derivatives Exchange Extended, Plans Zengo Tie-Up
eToro has become a strategic investor in Extended, an onchain perpetual futures exchange, and said the round begins a partnership with Zengo, the self-custody wallet eToro acquired earlier this year. Neither company disclosed the investment size.
NEWS_THEDEFIANT · INFO
BitMine Adds $73 Million in ETH, Pushing Holdings to 4.8% of Supply
BitMine Immersion Technologies (NYSE: BMNR), the Ethereum treasury company chaired by Fundstrat's Tom Lee, bought 42,197 ETH worth roughly $73 million over the past week, according to the company's own holdings update posted Monday. The purchase lifts BitMine's total to 5,742,237 ETH, about 4.8% of…
NEWS_THEDEFIANT · INFO
Tether's Former CIO Heathcote Plans to Sell Equity Stake
Richard Heathcote, who until earlier this year served as Tether Holdings SA's chief investment officer, is planning to sell a small stake in the stablecoin issuer, Bloomberg reported Monday, citing people familiar with the matter. Heathcote is working with investment bank PJT Partners to sell part…
NEWS_THEDEFIANT · INFO
NEAR Governance Votes to Scrap Developer Gas Rebate
NEAR's on-chain governance body, House of Stake, passed proposal HSP-027 to eliminate the protocol's developer gas rebate, a change that will send all network gas fees to be burned rather than partly rebated to smart-contract owners. NEAR co-founder Illia Polosukhin confirmed the outcome Monday,…
NEWS_COINTELEGRAPH · INFO
Secret Network cites AI exploit risks in proposed Arbitrum move
“The security risk is the part we take most seriously,” the team said, citing old code and AI exploit risks.
NEWS_COINTELEGRAPH · INFO
CFTC charges commodity, crypto pool operator with $14M fraud
The CFTC has launched a rare crypto-related enforcement action against a commodity pool operator that allegedly defrauded investors of more than $14 million.
NEWS_COINTELEGRAPH · INFO
Strike launches ‘volatility-proof’ Bitcoin loans amid bear market, but at a cost
The cost of eliminating margin calls and forced liquidations is an interest rate as high as 14.2% and an obligation to pay on time, Strike CEO Jack Mallers said.
GHSA · MEDIUM
GHSA · pip/weblate · CVE-2026-50127
Weblate SSRF: outbound URL guard misses some private ranges
GHSA · MEDIUM
GHSA · go/github.com/oasdiff/oasdiff · CVE-2026-53508
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)
GHSA · MEDIUM
GHSA · go/github.com/kedacore/keda/v2 · CVE-2026-53572
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
GHSA · MEDIUM
GHSA · pip/Flask-Security-Too · GHSA-f66q-9rf6-8795
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
GHSA · HIGH
GHSA · go/github.com/zhenorzz/goploy · CVE-2026-53553
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
GHSA · CRITICAL
GHSA · go/github.com/zhenorzz/goploy · CVE-2026-53552
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
GHSA · MEDIUM
GHSA · pip/ha-mcp · GHSA-q855-8rh5-jfgq
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
GHSA · LOW
GHSA · rust/rama · GHSA-cwv4-h3j5-w3cf
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path
GHSA · MEDIUM
GHSA · pip/aiosmtplib · CVE-2026-53533
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
GHSA · MEDIUM
GHSA · go/github.com/zxh326/kite · CVE-2026-53487
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
GHSA · LOW
GHSA · composer/web-auth/webauthn-lib · GHSA-gq4g-fpc9-vjfq
Webauthn: SimpleFakeCredentialGenerator with an empty secret produces predictable fake credentials, weakening username enumeration protection
GHSA · MEDIUM
GHSA · rust/ratex-parser · CVE-2026-53531
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
GHSA · HIGH
GHSA · rust/ratex-parser · CVE-2026-53530
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice)
NVD · HIGH
CVE-2026-59704 · CVSS 7.1
Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation t
NEWS_DECRYPT · INFO
Anthropic Removes Hidden Claude Code Tracker After Researchers Raise Privacy Concerns
The company says the tool was designed to stop abuse and AI model extraction, but critics questioned the use of undisclosed monitoring.
NEWS_DECRYPT · INFO
SEC's Long-Promised Crypto Safe Harbor to Be Introduced as Soon as This Month
The SEC updated its agenda to indicate that a key crypto rulemaking is slated to be released for public comment in July.
NEWS_CYBERSCOOP_ME · INFO
Spain arrests suspected hacker linked to Russian hacktivist campaign
Authorities didn’t name the man or file formal charges, but accuse him of participating in attacks linked to Cyber Army of Russia Reborn and NoName. The post Spain arrests suspected hacker linked to Russian hacktivist campaign appeared first on CyberScoop .
NEWS_COINTELEGRAPH · INFO
SEC crypto rule changes are high on its 2026 agenda
The financial regulator’s agenda included proposed rule changes related to crypto broker-dealers, digital assets on national securities exchanges and potential safe harbors.
NEWS_DECRYPT · INFO
Tether Invests $20 Million in Mercado Bitcoin to Fuel Expansion Across Latin America
Brazilian crypto exchange Mercado Bitcoin has raised $20 million in fresh investment from USDT stablecoin issuer Tether.
NVD · HIGH
CVE-2026-59707 · CVSS 8.6
LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to fetch arbitrary internal URLs. The endpoint passes unsanitized gallery URL fields directly to gallery.GetGalleryConfigFromURLWithContext without proper validation
NVD · HIGH
CVE-2026-58469 · CVSS 7.5
GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can ca
NEWS_COINTELEGRAPH · INFO
Ether climbs toward $2K as Bitmine buys ETH, Robinhood L2 boost
ETH charts a path toward $2,000 as TradFi adoption, DAT buying and a long-awaited network upgrade boost investor interest.
NEWS_DARKREADING · INFO
Big Brand Jobs Scam Targets Marketing Pros' Google Accounts
The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.

Don't wait for Q-Day.

QorTrace audits smart contracts, scans wallets for cryptographic exposure, and certifies post-quantum readiness. The strongest hands move first.

Get auditedSee pricing