QorTrace
QORTRACE THREAT RADAR · LIVE

The clock is
already ticking.

A live map of post-quantum and Web3 threats. Every signature you commit today is harvest-now-decrypt-later candy when fault-tolerant quantum arrives. Watch the threat surface — and the countdown — in real time.

Schedule Consult
ESTIMATED Q-DAY · 2028-10-03
817
DAYS
19
HRS
33
MIN
49
SEC
STATE OF THE ART
1,180
physical qubits
Atom Computing · Phoenix
Best logical: 24 q (Microsoft + Quantinuum)
HARVEST · NOW · DECRYPT · LATER
6,694,295,850
ECDSA signatures committed onchain (BTC + ETH)
BTC #957133 · ETH #25,486,000
SEE EXPOSED WALLETS →
WEEKLY THREAT BRIEFING · FREE
Tweet this view · PH
FILTERS · TAP TO TOGGLE LAYERS
NEWS_THEDEFIANTeToro Takes Strategic Stake in Onchain Derivatives Exchange Extended, Plans Zengo Tie-UpNEWS_THEDEFIANTBitMine Adds $73 Million in ETH, Pushing Holdings to 4.8% of SupplyNEWS_THEDEFIANTTether's Former CIO Heathcote Plans to Sell Equity StakeNEWS_THEDEFIANTNEAR Governance Votes to Scrap Developer Gas RebateNEWS_COINTELEGRAPHHere’s what happened in crypto todayNEWS_COINTELEGRAPHStarkWare CEO suggests 4% annual Bitcoin inflation to replace 21M capNEWS_COINTELEGRAPHSwyftx eyes crypto payments after securing Australian licenseNEWS_COINDESKLive markets: Japan's collapsing yen is pushing companies into bitcoin and XRPNVDCVE-2026-9842 · CVSS 7.5NVDCVE-2026-14482 · CVSS 8.8NVDCVE-2026-14244 · CVSS 7.5NVDCVE-2026-14158 · CVSS 8.8NEWS_COINDESKBitcoin under pressure as U.S.-Iran escalation lifts oilNEWS_COINTELEGRAPHSecret Network cites AI exploit risks in proposed Arbitrum moveNEWS_COINTELEGRAPHCFTC charges commodity, crypto pool operator with $14M fraudNEWS_COINTELEGRAPHStrike launches ‘volatility-proof’ Bitcoin loans amid bear market, but at a cost
FREE PQC SCAN · 1 PER DAY

Paste a wallet or contract address and we'll score its cryptographic exposure on a 0-100 scale. Free, no card, instant.

REGIONAL HOTSPOTS · 14d
NIST PQC STANDARDS
ML-KEM (Kyber)
FIPS 203 · Key Encapsulation
STANDARDISED
2024
ML-DSA (Dilithium)
FIPS 204 · Digital Signature
STANDARDISED
2024
SLH-DSA (SPHINCS+)
FIPS 205 · Hash-based Signature
STANDARDISED
2024
FN-DSA (Falcon)
FIPS 206 · Digital Signature
DRAFT (DIS)
2025
HQC
— · Backup KEM
SELECTED (2025)
2025
THREAT FEED · LAST 14 DAYS
539
vendor
1252
news
234
cve
8
kev
Sources: CISA Known Exploited Vulnerabilities catalog, NIST NVD CVE feed, GitHub Advisory Database, and curated cybersecurity + Web3 RSS feeds. Refreshed hourly.
MOST-TARGETED VENDORS · 30d
github
CVE 3 · GHSA 193
196
wordpress
CVE 34 · GHSA 0
34
microsoft
KEV 2 · CVE 25 · GHSA 7
34
python
CVE 16 · GHSA 14
30
java
CVE 16 · GHSA 13
29
linux
KEV 1 · CVE 7 · GHSA 10
18
joomla
KEV 2 · CVE 14 · GHSA 0
16
docker
CVE 4 · GHSA 9
13
QUANTUM RACE · LEADERBOARD
IBM
Condor
1,121q
Atom Computing◉ SOTA
Phoenix
1,180q
USTC
Zuchongzhi 3.0
504q
Quantinuum
H2
56q
Google
Willow
105q
Microsoft + Quantinuum
Topological + ion-trap
56q
IonQ
Forte
64q
Rigetti
Ankaa-3
84q
PQC COMPLIANCE COUNTDOWN
DORA · Digital Operational Resilience Act
537d ago
2025-01-17 · EU
EU financial-sector firms must demonstrate operational resilience (incl. ICT third-party risk) — including cryptographic posture.
CNSA 2.0 · Software/Firmware
189d ago
2025-12-31 · US-NSA
NSA target for new National Security Systems software & firmware to start adopting CNSA 2.0 (Kyber, Dilithium, SHA-2) algorithms.
BSI TR-02102-1 · Crypto Recommendation Refresh
8d ago
2026-06-30 · DE-BSI
Annual BSI cryptographic-recommendation refresh — flagged deadline for hybrid (classical + PQC) roll-out in regulated DE.
CNSA 2.0 · Networking & VPN
541d
2027-12-31 · US-NSA
Networking, VPN, and key-management products on NSS networks should fully support CNSA 2.0 algorithms.
NIST SP 800-131A · Disallow RSA-2048 / ECDSA P-256
1637d
2030-12-31 · US-NIST
NIST recommended sunset for classical public-key crypto in federal systems — full PQC migration target.
CNSA 2.0 · Full PQC Adoption
2733d
2033-12-31 · US-NSA
All NSS systems must be using CNSA 2.0 PQC algorithms exclusively.
COMMUNITY PULSE · CURATED
@CISAgov
Reminder: NSA's CNSA 2.0 timeline is in effect. New software for NSS should now be adopting Kyber, Dilithium, and SHA-2.
@NIST
FIPS 203 (ML-KEM), 204 (ML-DSA) and 205 (SLH-DSA) are now the standards. Migration windows are short for high-value targets.
@matthew_d_green
Harvest-now-decrypt-later isn't a scenario, it's an active intelligence program. The ECDSA signatures you commit today are tomorrow's plaintext.
@hashedout
Bitcoin's quantum exposure isn't a 2040 problem. ~25% of circulating supply sits in P2PKH addresses with exposed pubkeys. Q-Day day-one targets.
@SchneierBlog
If your security architecture cannot survive the public release of CRYSTALS-Kyber breaks, you needed PQC yesterday.
@a16zcrypto
Wallet providers shipping PQC migration paths in 2026 will own the institutional custody narrative for the next decade.
LATEST ADVISORIES
NEWS_THEDEFIANT · INFO
eToro Takes Strategic Stake in Onchain Derivatives Exchange Extended, Plans Zengo Tie-Up
eToro has become a strategic investor in Extended, an onchain perpetual futures exchange, and said the round begins a partnership with Zengo, the self-custody wallet eToro acquired earlier this year. Neither company disclosed the investment size.
NEWS_THEDEFIANT · INFO
BitMine Adds $73 Million in ETH, Pushing Holdings to 4.8% of Supply
BitMine Immersion Technologies (NYSE: BMNR), the Ethereum treasury company chaired by Fundstrat's Tom Lee, bought 42,197 ETH worth roughly $73 million over the past week, according to the company's own holdings update posted Monday. The purchase lifts BitMine's total to 5,742,237 ETH, about 4.8% of…
NEWS_THEDEFIANT · INFO
Tether's Former CIO Heathcote Plans to Sell Equity Stake
Richard Heathcote, who until earlier this year served as Tether Holdings SA's chief investment officer, is planning to sell a small stake in the stablecoin issuer, Bloomberg reported Monday, citing people familiar with the matter. Heathcote is working with investment bank PJT Partners to sell part…
NEWS_THEDEFIANT · INFO
NEAR Governance Votes to Scrap Developer Gas Rebate
NEAR's on-chain governance body, House of Stake, passed proposal HSP-027 to eliminate the protocol's developer gas rebate, a change that will send all network gas fees to be burned rather than partly rebated to smart-contract owners. NEAR co-founder Illia Polosukhin confirmed the outcome Monday,…
NEWS_COINTELEGRAPH · INFO
Here’s what happened in crypto today
Need to know what happened in crypto today? Here is the latest news on daily trends and events impacting Bitcoin price, blockchain, DeFi, Web3 and crypto regulation.
NEWS_COINTELEGRAPH · INFO
StarkWare CEO suggests 4% annual Bitcoin inflation to replace 21M cap
StarkWare CEO Eli Ben-Sasson argued that Bitcoin private keys get lost over time, meaning the amount of usable Bitcoin will diminish. Many disagree.
NEWS_COINTELEGRAPH · INFO
Swyftx eyes crypto payments after securing Australian license
Swyftx interim co-CEO Andrea Yuen says the company "won’t be a pure crypto spot exchange in future,” after it secured a license allowing it to offer payment services.
NEWS_COINDESK · INFO
Live markets: Japan's collapsing yen is pushing companies into bitcoin and XRP
Hedge funds have turned the most bearish on the yen since 2007, boosting bets on further losses to nearly 138,000 contracts as of June 30.
NVD · HIGH
CVE-2026-9842 · CVSS 7.5
The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the `manage_options` capability to the `backstage_customizer_user` demo role, which is more permissive than necessary for
NVD · HIGH
CVE-2026-14482 · CVSS 8.8
The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an alway
NVD · HIGH
CVE-2026-14244 · CVSS 7.5
The Jssor Slider by jssor.com plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.1.24 via the 'url' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensit
NVD · HIGH
CVE-2026-14158 · CVSS 8.8
The Widget Logic Visual plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.52 via the widget_logic_visual_check_visibility function. This is due to missing capability check and nonce verification on the widget-logic-update-conditional-tags AJAX action
NEWS_COINDESK · INFO
Bitcoin under pressure as U.S.-Iran escalation lifts oil
Major cryptocurrencies are trading in the red as renewed U.S.-Iran airstrikes push oil higher.
NEWS_COINTELEGRAPH · INFO
Secret Network cites AI exploit risks in proposed Arbitrum move
“The security risk is the part we take most seriously,” the team said, citing old code and AI exploit risks.
NEWS_COINTELEGRAPH · INFO
CFTC charges commodity, crypto pool operator with $14M fraud
The CFTC has launched a rare crypto-related enforcement action against a commodity pool operator that allegedly defrauded investors of more than $14 million.
NEWS_COINTELEGRAPH · INFO
Strike launches ‘volatility-proof’ Bitcoin loans amid bear market, but at a cost
The cost of eliminating margin calls and forced liquidations is an interest rate as high as 14.2% and an obligation to pay on time, Strike CEO Jack Mallers said.
GHSA · MEDIUM
GHSA · pip/weblate · CVE-2026-50127
Weblate SSRF: outbound URL guard misses some private ranges
GHSA · MEDIUM
GHSA · go/github.com/oasdiff/oasdiff · CVE-2026-53508
oasdiff does not enforce --allow-external-refs=false on the git-revision load path (SSRF / local file read)
GHSA · MEDIUM
GHSA · go/github.com/kedacore/keda/v2 · CVE-2026-53572
KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
GHSA · MEDIUM
GHSA · pip/Flask-Security-Too · GHSA-f66q-9rf6-8795
Flask-Security-Too: WebAuthn reauthentication freshness bypass via cross-user assertion
GHSA · HIGH
GHSA · go/github.com/zhenorzz/goploy · CVE-2026-53553
Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise
GHSA · CRITICAL
GHSA · go/github.com/zhenorzz/goploy · CVE-2026-53552
Goploy: Cross-namespace IDOR and RCE via body-supplied row id in project and project_file handlers
GHSA · MEDIUM
GHSA · pip/ha-mcp · GHSA-q855-8rh5-jfgq
ha-mcp: Add-on settings and policy routes are reachable without authentication at the bare root path
GHSA · LOW
GHSA · rust/rama · GHSA-cwv4-h3j5-w3cf
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path
GHSA · MEDIUM
GHSA · pip/aiosmtplib · CVE-2026-53533
aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address
GHSA · MEDIUM
GHSA · go/github.com/zxh326/kite · CVE-2026-53487
Kite has an authenticated cluster RBAC bypass in /api/v1/overview
GHSA · LOW
GHSA · composer/web-auth/webauthn-lib · GHSA-gq4g-fpc9-vjfq
Webauthn: SimpleFakeCredentialGenerator with an empty secret produces predictable fake credentials, weakening username enumeration protection
GHSA · MEDIUM
GHSA · rust/ratex-parser · CVE-2026-53531
ratex-parser has unbounded parser recursion that leads to stack overflow (process abort)
GHSA · HIGH
GHSA · rust/ratex-parser · CVE-2026-53530
ratex-parser panics on `\verb` with a multibyte delimiter (UTF-8 byte-boundary slice)
NVD · HIGH
CVE-2026-59704 · CVSS 7.1
Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generation t

Don't wait for Q-Day.

QorTrace audits smart contracts, scans wallets for cryptographic exposure, and certifies post-quantum readiness. The strongest hands move first.

Get auditedSee pricing
GET STARTED IN 60s
Need to scope a PQC audit, scan a wallet, or pick a tier? I'll walk you through it in under a minute — with sources.