QorTrace
QORTRACE THREAT RADAR · LIVE

The clock is already ticking.

A live map of post-quantum and Web3 threats. Every signature you commit today is harvest-now-decrypt-later candy when fault-tolerant quantum arrives. Watch the threat surface — and the countdown — in real time.

ESTIMATED Q-DAY · 2028-10-03 · 838 DAYS 10 HRS 27 MIN 35 SEC
STATE OF THE ART
1,180 physical qubits · Atom Computing · Phoenix
Best logical: 24 q (Microsoft + Quantinuum)
HARVEST · NOW · DECRYPT · LATER
6,663,053,550 ECDSA signatures committed onchain (BTC + ETH)
BTC #954112 · ETH #25,338,138
FREE PQC SCAN · 1 PER DAY

Paste a wallet or contract address and we'll score its cryptographic exposure on a 0-100 scale. Free, no card, instant.

NIST PQC STANDARDS
ML-KEM (Kyber) · FIPS 203 · Key Encapsulation · STANDARDISED · 2024
ML-DSA (Dilithium) · FIPS 204 · Digital Signature · STANDARDISED · 2024
SLH-DSA (SPHINCS+) · FIPS 205 · Hash-based Signature · STANDARDISED · 2024
FN-DSA (Falcon) · FIPS 206 · Digital Signature · DRAFT (DIS) · 2025
HQC · — · Backup KEM · SELECTED (2025) · 2025
THREAT FEED · LAST 14 DAYS
1257 news · 483 vendor · 12 kev · 326 cve
Sources: CISA Known Exploited Vulnerabilities catalog, NIST NVD CVE feed, GitHub Advisory Database, and curated cybersecurity + Web3 RSS feeds. Refreshed hourly.
MOST-TARGETED VENDORS · 30d
github · CVE 7 · GHSA 129 · total 136
wordpress · CVE 70 · GHSA 0 · total 70
microsoft · KEV 7 · CVE 17 · GHSA 8 · total 32
ibm · CVE 26 · GHSA 0 · total 26
python · CVE 9 · GHSA 11 · total 20
google · CVE 19 · GHSA 1 · total 20
java · CVE 7 · GHSA 9 · total 16
linux · KEV 2 · CVE 5 · GHSA 5 · total 12
QUANTUM RACE · LEADERBOARD
IBM · Condor · 1,121q
Atom Computing (SOTA) · Phoenix · 1,180q
USTC · Zuchongzhi 3.0 · 504q
Quantinuum · H2 · 56q
Google · Willow · 105q
Microsoft + Quantinuum · Topological + ion-trap · 56q
IonQ · Forte · 64q
Rigetti · Ankaa-3 · 84q
PQC COMPLIANCE COUNTDOWN
DORA · Digital Operational Resilience Act · 516d ago · 2025-01-17 · EU
EU financial-sector firms must demonstrate operational resilience (incl. ICT third-party risk) — including cryptographic posture.
CNSA 2.0 · Software/Firmware · 168d ago · 2025-12-31 · US-NSA
NSA target for new National Security Systems software & firmware to start adopting CNSA 2.0 (Kyber, Dilithium, SHA-2) algorithms.
BSI TR-02102-1 · Crypto Recommendation Refresh · 13d · 2026-06-30 · DE-BSI
Annual BSI cryptographic-recommendation refresh — flagged deadline for hybrid (classical + PQC) roll-out in regulated DE.
CNSA 2.0 · Networking & VPN · 562d · 2027-12-31 · US-NSA
Networking, VPN, and key-management products on NSS networks should fully support CNSA 2.0 algorithms.
NIST SP 800-131A · Disallow RSA-2048 / ECDSA P-256 · 1658d · 2030-12-31 · US-NIST
NIST recommended sunset for classical public-key crypto in federal systems — full PQC migration target.
CNSA 2.0 · Full PQC Adoption · 2754d · 2033-12-31 · US-NSA
All NSS systems must be using CNSA 2.0 PQC algorithms exclusively.
COMMUNITY PULSE · CURATED
@CISAgov
Reminder: NSA's CNSA 2.0 timeline is in effect. New software for NSS should now be adopting Kyber, Dilithium, and SHA-2.
@NIST
FIPS 203 (ML-KEM), 204 (ML-DSA) and 205 (SLH-DSA) are now the standards. Migration windows are short for high-value targets.
@matthew_d_green
Harvest-now-decrypt-later isn't a scenario, it's an active intelligence program. The ECDSA signatures you commit today are tomorrow's plaintext.
@hashedout
Bitcoin's quantum exposure isn't a 2040 problem. ~25% of circulating supply sits in P2PKH addresses with exposed pubkeys. Q-Day day-one targets.
@SchneierBlog
If your security architecture cannot survive the public release of CRYSTALS-Kyber breaks, you needed PQC yesterday.
@a16zcrypto
Wallet providers shipping PQC migration paths in 2026 will own the institutional custody narrative for the next decade.
LATEST ADVISORIES
NEWS_INFOSECURITY · INFO
North Korean Hiring Fraud Runs on AI and US Laptop Farms
Nisos infiltrated a North Korean IT-worker fraud cell running on AI interviews and a US laptop farm
NEWS_COINTELEGRAPH · INFO
Trace Finance raises $32M for cross-border stablecoin settlement expansion
The raise comes as stablecoin regulation advances globally and financial firms invest in infrastructure connecting blockchain payments with traditional banking systems.
NEWS_COINDESK · INFO
BitGo stock surges on $50 million share buyback as value languishes 65% below IPO price
The buyback comes as newly public digital-asset firms face a tougher environment, with crypto markets lagging and investor attention shifting toward AI stocks.
NEWS_COINTELEGRAPH · INFO
Bitcoin price sets $64.5K week-to-date low as Strategy selling worries return
Bitcoin circled $65,000 after downside BTC price pressure into the FOMC meeting as analysis warned over the impact of Strategy potentially selling more BTC in the future.
NEWS_DECRYPT · INFO
'Rapidly Evolving': Benchmark Analyst Bullish on Coinbase After Stocks, Options Moves
Benchmark-StoneX reiterated a $270 price target for COIN—60% higher than Coinbase’s current share price—following an array of product announcements.
GHSA · MEDIUM
GHSA · pip/open-webui · CVE-2026-54016
Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration
GHSA · MEDIUM
GHSA · pip/open-webui · CVE-2026-54015
Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion
GHSA · MEDIUM
GHSA · pip/open-webui · CVE-2026-54014
Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}
GHSA · HIGH
GHSA · pip/open-webui · CVE-2026-54013
Open WebUI: Stored XSS to Account Takeover via Model Profile Images
GHSA · HIGH
GHSA · pip/open-webui · CVE-2026-54012
Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion
GHSA · HIGH
GHSA · pip/open-webui · CVE-2026-54011
Open WebUI: Stored XSS in Mermaid Markdown Preview
GHSA · HIGH
GHSA · pip/open-webui · CVE-2026-54010
Open WebUI: Forged chat-file link allows cross-user file read and deletion
NEWS_COINDESK · INFO
Crypto’s security nightmare won’t be solved by ordinary audits
Without an update to the current auditing infrastructure, the crypto space will likely continue to suffer significant losses, explains Beyer.
GHSA · MEDIUM
GHSA · pip/open-webui · CVE-2026-54009
Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field
NEWS_BITCOINMAG · INFO
Oman Launches Mandatory National Bitcoin Mining Pool in State-Backed Push for Regulatory Control
Oman launched a mandatory state-backed Bitcoin mining pool requiring all licensed miners to participate, tightening regulatory oversight while expanding the country's $700 million-plus p
GHSA · HIGH
GHSA · pip/open-webui · CVE-2026-54008
Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url` (incomplete-fix sibling of CVE-2026-45401)
GHSA · HIGH
GHSA · pip/open-webui · CVE-2026-54007
Open WebUI: Cross-origin postMessage confirmation bypass via action:submit
GHSA · MEDIUM
GHSA · pip/open-webui · CVE-2026-54006
Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar
GHSA · MEDIUM
GHSA · npm/nocodb · CVE-2026-53931
NocoDB: Server-Side Request Forgery via Spreadsheet Import Endpoint
NEWS_COINTELEGRAPH · INFO
Ready USDC card halts non-EEA service after issuer change, users report
Users reported losing access to Ready’s USDC card outside the EEA after a card provider change triggered rapid deactivation notices.
GHSA · MEDIUM
GHSA · npm/nocodb · CVE-2026-53930
NocoDB: Server-Side Request Forgery via Base Migration URL
GHSA · MEDIUM
GHSA · npm/nocodb · CVE-2026-53929
NocoDB: Stored Cross-Site Scripting via Secure Attachment
GHSA · MEDIUM
GHSA · npm/nocodb · CVE-2026-53928
NocoDB: Refresh Tokens Persist Through Password Recovery
NEWS_SECURITYWEEK · INFO
Webinar Today: How Modern Breaches Bypass MFA and Evade Detection
Attendees will learn how attackers evade conventional detection methods, why legacy MFA alone is no longer sufficient, and how organizations can strengthen their defenses.
GHSA · MEDIUM
GHSA · npm/nocodb · CVE-2026-53927
NocoDB: Server-Side Request Forgery via Spreadsheet Fetch URL
NEWS_DARKREADING · INFO
Sweeping Credential-Harvesting Heist Compromises +30K Fortinet Devices
Attackers actively are targeting various sectors across nearly 200 countries and have already compiled a list of working credentials for tens of thousands of compromised devices.
GHSA · MEDIUM
GHSA · pip/vllm · CVE-2026-54233
vLLM: OOM Denial of Service via Audio Decompression Bomb
GHSA · MEDIUM
GHSA · pip/vllm · CVE-2026-54236
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router
GHSA · MEDIUM
GHSA · pip/vllm · CVE-2026-53923
vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

Don't wait for Q-Day.

QorTrace audits smart contracts, scans wallets for cryptographic exposure, and certifies post-quantum readiness. The strongest hands move first.
