Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Latest News

Asia is a Major Hub For Cybercrime, And AI is Poised to Exacerbate The Problem

  Southeast Asia has emerged as a global hotspot for cybercrimes, where human trafficking and high-tech fraud collide. Criminal syndicates ...

All the recent news you need to know
Ransomwares
corporate cyber attacks Cyber Security Cyber Security Tool Cyberattack Cyberthreart Data protection data security Enterprise security Ingram Micro Password Security ransomware attacks Ransomwares

Why Major Companies Are Still Falling to Basic Cybersecurity Failures

 

In recent weeks, three major companies—Ingram Micro, United Natural Foods Inc. (UNFI), and McDonald’s—faced disruptive cybersecurity incidents. Despite operating in vastly different sectors—technology distribution, food logistics, and fast food retail—all three breaches stemmed from poor security fundamentals, not advanced cyber threats. 

Ingram Micro, a global distributor of IT and cybersecurity products, was hit by a ransomware attack in early July 2025. The company’s order systems and communication channels were temporarily shut down. Though systems were restored within days, the incident highlights a deeper issue: Ingram had access to top-tier security tools, yet failed to use them effectively. This wasn’t a tech failure—it was a lapse in execution and internal discipline. 

Just two weeks earlier, UNFI, the main distributor for Whole Foods, suffered a similar ransomware attack. The disruption caused significant delays in food supply chains, exposing the fragility of critical infrastructure. In industries that rely on real-time operations, cyber incidents are not just IT issues—they’re direct threats to business continuity. 

Meanwhile, McDonald’s experienced a different type of breach. Researchers discovered that its AI-powered hiring tool, McHire, could be accessed using a default admin login and a weak password—“123456.” This exposed sensitive applicant data, potentially impacting millions. The breach wasn’t due to a sophisticated hacker but to oversight and poor configuration. All three cases demonstrate a common truth: major companies are still vulnerable to basic errors. 

Threat actors like SafePay and Pay2Key are capitalizing on these gaps. SafePay infiltrates networks through stolen VPN credentials, while Pay2Key, allegedly backed by Iran, is now offering incentives for targeting U.S. firms. These groups don’t need advanced tools when companies are leaving the door open. Although Ingram Micro responded quickly—resetting credentials, enforcing MFA, and working with external experts—the damage had already been done. 

Preventive action, such as stricter access control, routine security audits, and proper use of existing tools, could have stopped the breach before it started. These incidents aren’t isolated—they’re indicative of a larger issue: a culture that prioritizes speed and convenience over governance and accountability. 

Security frameworks like NIST or CMMC offer roadmaps for better protection, but they must be followed in practice, not just on paper. The lesson is clear: when organizations fail to take care of cybersecurity basics, they put systems, customers, and their own reputations at risk. Prevention starts with leadership, not technology.
Read more »
Russia
Bitcoin Crypto Mining Cyber Crime electricity Russia

Hidden Crypto Mining Operation Found in Truck Tied to Village Power Supply

 


In a surprising discovery, officials in Russia uncovered a secret cryptocurrency mining setup hidden inside a Kamaz truck parked near a village in the Buryatia region. The vehicle wasn’t just a regular truck, it was loaded with 95 mining machines and its own transformer, all connected to a nearby power line powerful enough to supply an entire community.


What Is Crypto Mining, and Why Is It Controversial?

Cryptocurrency mining is the process of creating digital coins and verifying transactions through a network called a blockchain — a digital ledger that can’t be altered. Computers solve complex calculations to keep this system running smoothly. However, this process demands huge amounts of electricity. For example, mining the popular coin Bitcoin consumes more power in a year than some entire countries.


Why Was This Setup a Problem?

While mining can help boost local economies and create tech jobs, it also brings risks, especially when done illegally. In this case, the truck was using electricity intended for homes without permission. The unauthorized connection reportedly caused power issues like low voltage, grid overload, and blackouts for local residents.

The illegal setup was discovered during a routine check by power inspectors in the Pribaikalsky District. Before law enforcement could step in, two people suspected of operating the mining rig escaped in a vehicle.


Not the First Incident

This wasn’t an isolated case. Authorities report that this is the sixth time this year such theft has occurred in Buryatia. Due to frequent power shortages, crypto mining is banned in most parts of the region from November through March. Even when allowed, only approved companies can operate in designated areas.


Wider Energy and Security Impacts

Crypto mining operations run 24/7 and demand a steady flow of electricity. This constant use strains power networks, increases local energy costs, and can cause outages when grids can’t handle the load. Because of this, similar mining restrictions have been put in place in other regions, including Irkutsk and Dagestan.

Beyond electricity theft, crypto mining also has ties to cybercrime. Security researchers have reported that some hacking groups secretly install mining software on infected computers. These programs run quietly, often at night, using stolen power and system resources without the owner’s knowledge. They can also steal passwords and disable antivirus tools to remain undetected.


The Environmental Cost

Mining doesn’t just hurt power grids — it also affects the environment. Many mining operations use electricity from fossil fuels, which contributes to pollution and climate change. Although a study from the University of Cambridge found that over half of Bitcoin mining now uses cleaner sources like wind, nuclear, or hydro power, a significant portion still relies on coal and gas.

Some companies are working to make mining cleaner. For example, projects in Texas and Bhutan are using renewable energy to reduce the environmental impact. But the challenge remains, crypto mining’s hunger for energy has far-reaching consequences.

Read more »
Technology
Artifcial Intelligence CyberCrime Cybersecurity CyberThreat Google Google Gemini AI LLM Phishing Content Technology

Google Gemini Exploit Enables Covert Delivery of Phishing Content

 


An AI-powered automation system in professional environments, such as Google Gemini for Workspace, is vulnerable to a new security flaw. Using Google’s advanced large language model (LLM) integration within its ecosystem, Gemini enables the use of artificial intelligence (AI) directly with a wide range of user tools, including Gmail, to simplify workplace tasks. 

A key feature of the app is the ability to request concise summaries of emails, which are intended to save users time and prevent them from becoming fatigued in their inboxes by reducing the amount of time they spend in it. Security researchers have, however identified a significant flaw in this feature which appears to be so helpful. 

As Mozilla bug bounty experts pointed out, malicious actors can take advantage of the trust users place in Gemini's automated responses by manipulating email content so that the AI is misled into creating misleading summaries by manipulating the content. As a result of the fact that Gemini operates within Google's trusted environment, users are likely to accept its interpretations without question, giving hackers a prime opportunity. This finding highlights what is becoming increasingly apparent in the cybersecurity landscape: when powerful artificial intelligence tools are embedded within widely used platforms, even minor vulnerabilities can be exploited by sophisticated social engineers. 

It is the vulnerability at the root of this problem that Gemini can generate e-mail summaries that seem legitimate but can be manipulated so as to include deceptive or malicious content without having to rely on conventional red flags, such as suspicious links or file attachments, to detect it. 

An attack can be embedded within an email body as an indirect prompt injection by attackers, according to cybersecurity researchers. When Gemini's language model interprets these hidden instructions during thesummarisationn process, it causes the AI to unintentionally include misleading messages in the summary that it delivers to the user, unknowingly. 

As an example, a summary can falsely inform the recipient that there has been a problem with their account, advising them to act right away, and subtly direct them to a phishing site that appears to be reliable and trustworthy. 

While prompt injection attacks on LLMs have been documented since the year 2024, and despite the implementation of numerous safeguards by developers to prevent these manipulations from occurring, this method continues to be effective even today. This tactic is persisting because of the growing sophistication of threat actors as well as the challenge of fully securing generative artificial intelligence systems that are embedded in critical communication platforms. 

There is also a need to be more vigilant when developing artificial intelligence and making sure users are aware of it, as traditional cybersecurity cues may no longer apply to these AI-driven environments. In order to find these vulnerabilities, a cybersecurity researcher, Marco Figueroa, identified them and responsibly disclosed them through Mozilla's 0Din bug bounty program, which specialises in finding vulnerabilities in generative artificial intelligence. 

There is a clever but deeply concerning method of exploitation demonstrated in Figueroa's proof-of-concept. The attack begins with a seemingly harmless e-mail sent to the intended victim that appears harmless at first glance. A phishing prompt disguised in white font on a white background is hidden in a secondary, malicious component of the message, which conceals benign information so as to avoid suspicion of the message.

When viewed in a standard email client, it is completely invisible to the human eye and is hidden behind benign content. The malicious message is strategically embedded within custom tags, which are not standard HTML elements, but which appear to be interpreted in a privileged manner by Gemini's summarization function, as they are not standard HTML elements. 

By activating the "Summarise this email" feature in Google Gemini, a machine learning algorithm takes into account both visible and hidden text within the email. Due to the way Gemini handles input wrapped in tags, it prioritises and reproduces the hidden message verbatim within the summary, placing it at the end of the response, as it should. 

In consequence, what appears to be a trustworthy, AI-generated summary now contains manipulative instructions which can be used to entice people to click on phishing websites, effectively bypassing traditional security measures. A demonstration of the ease with which generative AI tools can be exploited when trust in the system is assumed is demonstrated in this attack method, and it further demonstrates the importance of robust sanitisation protocols as well as input validation protocols for prompt sanitisation. 

It is alarming how effectively the exploitation technique is despite its technical simplicity. An invisible formatting technique enables the embedding of hidden prompts into an email, leveraging Google Gemini's interpretation of raw content to capitalise on its ability to comprehend the content. In the documented attack, a malicious actor inserts a command inside a span element with font-size: 0 and colour: white, effectively rendering the content invisible to the recipient who is viewing the message in a standard email client. 

Unlike a browser, which renders only what can be seen by the user, Gemini process the entire raw HTML document, including all hidden elements. As a consequence, Gemini's summary feature, which is available to the user when they invoke it, interprets and includes the hidden instruction as though it were part of the legitimate message in the generated summary.

It is important to note that this flaw has significant implications for services that operate at scale, as well as for those who use them regularly. A summary tool that is capable of analysing HTML inline styles, such as font-size:0, colour: white, and opacity:0, should be instructed to ignore or neutralise these styles, which render text visually hidden. 

The development team can also integrate guard prompts into LLM behaviour, instructing models not to ignore invisible content, for example. In terms of user education, he recommends that organisations make sure their employees are aware that AI-generated summaries, including those generated by Gemini, serve only as informational aids and should not be treated as authoritative sources when it comes to urgent or security-related instructions. 

A vulnerability of this magnitude has been discovered at a crucial time, as more and more tech companies are increasingly integrating LLMs into their platforms to automate productivity. In contrast to previous models, where users would manually trigger AI tools, the new paradigm is a shift to automated AI tools that will run in the background instead.

It is for this reason that Google introduced the Gemini side panel last year in Gmail, Docs, Sheets, and other Workspace apps to help users summarise and create content within their workflow seamlessly. A noteworthy change in Gmail's functionality is that on May 29, Google enabled automatic email summarisation for users whose organisations have enabled smart features across Gmail, Chat, Meet, and other Workspace tools by activating a default personalisation setting. 

As generative artificial intelligence becomes increasingly integrated into everyday communication systems, robust security protocols will become increasingly important as this move enhances convenience. This vulnerability exposes an issue of fundamental inadequacy in the current guardrails used for LLM, primarily focusing on filtering or flagging content that is visible to the user. 

A significant number of AI models, including the Google Gemini AI model, continue to use raw HTML markup, making them susceptible to obfuscation techniques such as zero-font text and white-on-white formatting. Despite being invisible to users, these techniques are still considered valid input to the model by the model-thereby creating a blind spot for attackers that can easily be exploited by attackers. 

Mozilla's 0Din program classified the issue as a moderately serious vulnerability by Mozilla, and said that the flaw could be exploited by hackers to harvest credential information, use vishing (voice-phishing), and perform other social engineering attacks by exploiting trust in artificial intelligence-generated content in order to gain access to information. 

In addition to the output filter, a post-processing filter can also function as an additional safeguard by inspecting artificial intelligence-generated summaries for signs of manipulation, such as embedded URLs, telephone numbers, or language that implies urgency, flagging these suspicious summaries for human review. This layered defence strategy is especially vital in environments where AI operates at scale. 

As well as protecting against individual attacks, there is also a broader supply chain risk to consider. It is clear that mass communication systems, such as CRM platforms, newsletters, and automated support ticketing services, are potential vectors for injection, according to researcher Marco Figueroa. There is a possibility that a single compromised account on any of these SaaS systems can be used to spread hidden prompt injections across thousands of recipients, turning otherwise legitimate SaaS services into large-scale phishing attacks. 

There is an apt term to describe "prompt injections", which have become the new email macros according to the research. The exploit exhibited by Phishing for Gemini significantly underscores a fundamental truth: even apparently minor, invisible code can be weaponised and used for malicious purposes. 

As long as language models don't contain robust context isolation that ensures third-party content is sandboxed or subjected to appropriate scrutiny, each piece of input should be viewed as potentially executable code, regardless of whether it is encoded correctly or not. In light of this, security teams should start to understand that AI systems are no longer just productivity tools, but rather components of a threat surface that need to be actively monitored, measured, and contained. 

The risk landscape of today does not allow organisations to blindly trust AI output. Because generative artificial intelligence is being integrated into enterprise ecosystems in ever greater numbers, organisations must reevaluate their security frameworks in order to address the emerging risks that arise from machine learning systems in the future. 

Considering the findings regarding Google Gemini, it is urgent to consider AI-generated outputs as potential threat vectors, as they are capable of being manipulated in subtle but impactful ways. A security protocol based on AI needs to be implemented by enterprises to prevent such exploitations from occurring, robust validation mechanisms for automated content need to be established, and a collaborative oversight system between development, IT, and security teams must be established to ensure this doesn't happen again. 

Moreover, it is imperative that AI-driven tools, especially those embedded within communication workflows, be made accessible to end users so that they can understand their capabilities and limitations. In light of the increasing ease and pervasiveness of automation in digital operations, it will become increasingly essential to maintain a culture of informed vigilance across all layers of the organisation to maintain trust and integrity.
Read more »
Washington
Chinese Hackers Data Breach Data Leak Law Firm Washington

Chinese Attackers Suspected of Breaching a Prominent DC Law Firm

 

The next front in the silent war, which is being waged with keystrokes and algorithms rather than missiles, is the digital infrastructure of a prominent legal firm in Washington, DC. 

Wiley Rein, a company known for negotiating the complex webs of power and commerce, has notified clients that suspected Chinese state-sponsored hackers have compromised its email accounts. This intrusion demonstrates Beijing's unrelenting pursuit of intelligence in a world that is becoming more and more divided. 

A sophisticated operation is depicted in the Wiley Rein memo that CNN reviewed, indicating that the perpetrators are a group “affiliated with the Chinese government” who have a known appetite for information about trade, Taiwan, and the very US government agencies that set tariffs and examine foreign investments. Such information is invaluable in the high-stakes game of international affairs, particularly in light of the Trump administration's intensifying trade conflict with China. At the centre of this digital espionage is Wiley Rein. 

Describing itself as "wired into Washington" and a provider of "unmatched insights into the evolving priorities of agencies, regulators, and lawmakers," serves as a critical channel for Fortune 500 companies dealing with the complexities of US-China trade relations. Its attorneys are on the front lines, advising clients on how to navigate the storm of unprecedented tariffs imposed on Chinese goods. 

Gaining access to their communications entails looking directly into the tactics, vulnerabilities, and intentions of American enterprise and, by extension, elements of the US government. It is a direct assault on the intelligence that underpins economic and strategic decisions. 


The firm has admitted the breach, stating that it is currently investigating the full extent of the breach and has contacted law enforcement, working closely with the FBI. Mandiant, a Google-owned security firm, is reportedly handling the remediation, indicating the specialised expertise required to overcome such advanced persistent threats. 

However, the act of detection often lags significantly behind the initial breach, leaving uncertainty about what critical insights may have already been syphoned away.
Read more »
WordPress
Cyber Attacks gravity forms Plugin Supply Chain Attack WordPress

WordPress Plugin Breach: Hackers Gain Control Through Manual Downloads

 



A serious cyberattack recently targeted Gravity Forms, a widely used plugin for WordPress websites. This incident, believed to be part of a supply chain compromise, resulted in infected versions of the plugin being distributed through manual installation methods.

What is Gravity Forms and Who Uses It?

Gravity Forms is a paid plugin that helps website owners create online forms for tasks like registrations, contact submissions, and payments. According to the developer, it powers around a million websites, including those of well-known global companies and organizations.

What Went Wrong?

Cybersecurity researchers from a security firm reported suspicious activity tied to the plugin’s installation files downloaded from the developer’s website. Upon inspection, they discovered that the file named common.php had been tampered with. Instead of functioning as expected, the file secretly sent a request to an unfamiliar domain, gravityapi.org/sites.

Further investigation showed that the altered plugin version quietly collected sensitive data from the infected websites. This included website URLs, admin login paths, installed plugins, themes, and details about the PHP and WordPress versions in use. All this information was then sent to the attackers’ server.

The attack didn’t stop there. The malicious file also downloaded more harmful code disguised as a legitimate WordPress file, storing it in a folder used by the platform’s core features. This hidden code allowed hackers to run commands on the server without needing to log in, essentially giving them full access to the website.

How Did This Affect Site Owners?

The threat mainly impacted those who manually downloaded Gravity Forms versions 2.9.11.1 and 2.9.12 between July 10 and July 11. Developers confirmed that websites which installed the plugin using automated updates from within WordPress were not affected.

In the infected versions, the malware not only blocked future update attempts but also communicated with a remote server to bring in more malicious code. In some cases, the attack even created a secret admin account giving the hackers complete control over the website.

What Should Website Admins Do Now?

The plugin's developer has released a statement acknowledging the issue and has provided instructions to help website owners detect and remove any signs of infection. Users who downloaded the plugin manually during the affected timeframe are strongly advised to reinstall a clean version and scan their websites thoroughly.

Cybersecurity experts also recommend checking for suspicious files and unknown administrator accounts. The domains used in this attack were registered on July 8, suggesting that this breach was carefully planned.

This incident highlights the growing risk of supply chain attacks in the digital world. It serves as a reminder for website administrators to rely on trusted update channels and monitor their sites regularly for any unusual activity.
Read more »
OpenAI
AI integration AI Powered AI technology Browser ChatGPT Chrome Cyber Security Data collection data security Google Chrome Internet Browser OpenAI

OpenAI Launching AI-Powered Web Browser to Rival Chrome, Drive ChatGPT Integration

 

OpenAI is reportedly developing its own web browser, integrating artificial intelligence to offer users a new way to explore the internet. According to sources cited by Reuters, the tool is expected to be unveiled in the coming weeks, although an official release date has not yet been announced. With this move, OpenAI seems to be stepping into the competitive browser space with the goal of challenging Google Chrome’s dominance, while also gaining access to valuable user data that could enhance its AI models and advertising potential. 

The browser is expected to serve as more than just a window to the web—it will likely come packed with AI features, offering users the ability to interact with tools like ChatGPT directly within their browsing sessions. This integration could mean that AI-generated responses, intelligent page summaries, and voice-based search capabilities are no longer separate from web activity but built into the browsing experience itself. Users may be able to complete tasks, ask questions, and retrieve information all within a single, unified interface. 

A major incentive for OpenAI is the access to first-party data. Currently, most of the data that fuels targeted advertising and search engine algorithms is captured by Google through Chrome. By creating its own browser, OpenAI could tap into a similar stream of data—helping to both improve its large language models and create new revenue opportunities through ad placements or subscription services. While details on privacy controls are unclear, such deep integration with AI may raise concerns about data protection and user consent. 

Despite the potential, OpenAI faces stiff competition. Chrome currently holds a dominant share of the global browser market, with nearly 70% of users relying on it for daily web access. OpenAI would need to provide compelling reasons for people to switch—whether through better performance, advanced AI tools, or stronger privacy options. Meanwhile, other companies are racing to enter the same space. Perplexity AI, for instance, recently launched a browser named Comet, giving early adopters a glimpse into what AI-first browsing might look like. 

Ultimately, OpenAI’s browser could mark a turning point in how artificial intelligence intersects with the internet. If it succeeds, users might soon navigate the web in ways that are faster, more intuitive, and increasingly guided by AI. But for now, whether this approach will truly transform online experiences—or simply add another player to the browser wars—remains to be seen.
Read more »
SPN
AES Cryptographic Cryptographically Relevant Quantum Computer Cyber Encryption Cyber Security Cyberattacks CyberThreat Decryption Tool Global Encryption Hardware RSA SPN

Global Encryption at Risk as China Reportedly Advances Decryption Capabilities

 


It has been announced that researchers at Shanghai University have achieved a breakthrough in quantum computing that could have a profound impact on modern cryptographic systems. They achieved a significant leap in quantum computing. The team used a quantum annealing processor called D-Wave to successfully factor a 22-bit RSA number, a feat that has, until now, been beyond the practical capabilities of this particular class of quantum processor. 

There is no real-world value in a 22-bit key, but this milestone marks the beginning of the development of quantum algorithms and the improvement of hardware efficiency, even though it is relatively small and holds no real-world encryption value today. A growing vulnerability has been observed in classical encryption methods such as RSA, which are foundational to digital security across a wide range of financial systems, communication networks and government infrastructures. 

It is a great example of the accelerated pace at which the quantum arms race is occurring, and it reinforces the urgency around the creation of quantum-resistant cryptographic standards and the adoption of quantum-resistant protocols globally. 

As a result of quantum computing's progress, one of the greatest threats is that it has the potential to break widely used public key cryptographic algorithms, including Rivest-Shamir-Adleman (RSA), Diffie-Hellman, and even symmetric encryption standards, such as Advanced Encryption Standard (AES), very quickly and with ease.

Global digital security is built on the backbone of these encryption protocols, safeguarding everything from financial transactions and confidential communications to government and defense data, a safeguard that protects everything from financial transactions to confidential communications. As quantum computers become more advanced, this system might become obsolete if quantum computers become sufficiently advanced by dramatically reducing the time required to decrypt, posing a serious risk to privacy and infrastructure security. 

As a result of this threat looming over the world, major global powers have already refocused their strategic priorities. There is a widespread belief that nation-states that are financially and technologically able to develop quantum computing capabilities are actively engaged in a long-term offensive referred to as “harvest now, decrypt later”, which is the purpose of this offensive. 

Essentially, this tactic involves gathering enormous amounts of encrypted data today to decrypt that data in the future, when quantum computers reach a level of functionality that can break classical encryption. Even if the data has remained secure for now, its long-term confidentiality could be compromised. 

According to this strategy, there is a pressing need for quantum-resistant cryptographic standards to be developed and deployed urgently to provide a future-proof solution to sensitive data against the inevitable rise in quantum decryption capabilities that is inevitable. Despite the fact that 22-bit RSA keys are far from secure by contemporary standards, and they can be easily cracked by classical computer methods, this experiment marks the largest number of quantum annealing calculations to date, a process that is fundamentally different from the gate-based quantum systems that are most commonly discussed. 

It is important to note that this experiment is not related to Shor's algorithm, which has been thecentrer of theoretical discussions about breaking RSA encryption and uses gate-based quantum computers based on highly advanced technology. Instead, this experiment utilised quantum annealing, an algorithm that is specifically designed to solve a specific type of mathematical problem, such as factoring and optimisation, using quantum computing. 

The difference is very significant: whereas Shor's algorithm remains largely impractical at scale because of hardware limitations at the moment, D-Wave offers a solution to this dilemma by demonstrating how real-world factoring can be achieved on existing quantum hardware. Although it is limited to small key sizes, it does demonstrate the potential for real-world factoring on existing quantum hardware. This development has a lot of importance for the broader cryptographic security community. 

For decades, RSA encryption has provided online transactions, confidential communications, software integrity, and authentication systems with the necessary level of security. The RSA encryption is heavily dependent upon the computational difficulty of factorising large semiprime numbers. Classical computers have required a tremendous amount of time and resources to crack such encryption, which has kept the RSA encryption in business for decades to come.

In spite of the advances made by Wang and his team, it appears that even alternative quantum methods, beyond the widely discussed gate-based systems, may have tangible results for attacking these cryptographic barriers in the coming years. While it may be the case that quantum annealing is still at its infancy, the trajectory is still clearly in sight: quantum annealing is maturing, and as a result, the urgency for transitioning to post-quantum cryptographic standards becomes increasingly important.

A 22-bit RSA key does not have any real cryptographic value in today's digital landscape — where standard RSA keys usually exceed 2048 bits — but the successful factoring of such a key using quantum annealing represents a crucial step forward in quantum computing research. A demonstration, which is being organised by researchers in Shanghai, will not address the immediate practical threats that quantum attacks pose, but rather what it will reveal concerning quantum attack scalability in the future. 

A compelling proof-of-concept has been demonstrated here, illustrating that with refined techniques and optimisation, more significant encryption scenarios may soon come under attack. What makes this experiment so compelling is the technical efficiency reached by the research team as a result of their work. A team of researchers demonstrated that the current hardware limitations might actually be more flexible than previously thought by minimising the number of physical qubits required per variable, improving embeddings, and reducing noise through improved embeddings. 

By using quantum annealers—specialised quantum devices previously thought to be too limited for such tasks, this opens up the possibility to factor out larger key sizes. Additionally, there have been successful implementations of the quantum annealing approach for use with symmetric cryptography algorithms, including Substitution-Permutation Network (SPN) cyphers such as Present and Rectangle, which have proven to be highly effective. 

In the real world, lightweight cyphers are common in embedded systems as well as Internet of Things (IoT) devices, which makes this the first demonstration of a quantum processor that poses a credible threat to both asymmetric as well as symmetric encryption mechanisms simultaneously instead of only one or the other. 

There are far-reaching implications to the advancements that have been made as a result of this advancement, and they have not gone unnoticed by the world at large. In response to the accelerated pace of quantum developments, the US National Institute of Standards and Technology (NIST) published the first official post-quantum cryptography (PQC) standards in August of 2024. These standards were formalised under the FIPS 203, 204, and 205 codes. 

There is no doubt that this transition is backed by the adoption of the Hamming Quasi-Cyclic scheme by NIST, marking another milestone in the move toward a quantum-safe infrastructure, as it is based on lattice-based cryptography that is believed to be resistant to both current and emerging quantum attacks. This adoption further solidifies the transition into this field. There has also been a strong emphasis on the urgency of the issue from the White House in policy directives issued by the White House. 

A number of federal agencies have been instructed to begin phasing out vulnerable public key encryption protocols. The directive highlights the growing consensus that proactive mitigation is essential in light of the threat of "harvest now, decrypt later" strategies, where adversaries collect encrypted data today in anticipation of the possibility that future quantum technologies can be used to decrypt it. 

Increasing quantum breakthroughs are making it increasingly important to move to post-quantum cryptographic systems as soon as possible, as this is no longer a theoretical exercise but a necessity for the security of the world at large. While the 22-bit RSA key is very small when compared to the 2048-bit keys commonly used in contemporary cryptographic systems, the recent breakthrough by Shanghai researchers holds a great deal of significance both scientifically and technologically. 

Previously, quantum factoring was attempted with annealing-based systems, but had reached a plateau at 19-bit keys. This required a significant number of qubits per variable, which was rather excessive. By fine-tuning the local field and coupling coefficients within their Ising model, the researchers were able to overcome this barrier in their quantum setup. 

Through these optimisations, the noise reduction and factoring process was enhanced, and the factoring process was more consistent, which suggests that with further refinement, a higher level of complexity can be reached in the future with the RSA key size, according to independent experts who are aware of the possible implications. 

Despite not being involved in this study, Prabhjyot Kaur, an analyst at Everest Group who was not involved, has warned that advances in quantum computing could pose serious security threats to a wide range of industries. She underscored that cybersecurity professionals and policymakers alike are becoming increasingly conscious of the fact that theoretical risks are rapidly becoming operational realities in the field of cybersecurity. 

A significant majority of the concern surrounding quantum threats to encryption has traditionally focused on Shor's algorithm - a powerful quantum technique capable of factoring large numbers efficiently, but requiring a quantum computer based on gate-based quantum algorithms to be implemented. 

Though theoretically, these universal quantum machines are not without their limitations in hardware, such as the limited number of qubits, the limited coherence times, and the difficult correction of quantum errors. The quantum annealers from D-Wave, on the other hand, are much more mature, commercially accessible and do not have a universal function, but are considerably more mature than the ones from other companies. 

With its current generation of Advantage systems, D-Wave has been able to boast over 5,000 qubits and maintain an analogue quantum evolution process that is extremely stable at an ultra-low temperature of 15 millikelvin. There are limitations to quantum annealers, particularly in the form of exponential scaling costs, limiting their ability to crack only small moduli at present, but they also present a unique path to quantum-assisted cryptanalysis that is becoming increasingly viable as time goes by. 

By utilising a fundamentally different model of computation, annealers avoid many of the pitfalls associated with gate-based systems, including deep quantum circuits and high error rates, which are common in gate-based systems. In addition to demonstrating the versatility of quantum platforms, this divergence in approach also underscores how important it is for organisations to remain up to date and adaptive as multiple forms of quantum computing continue to evolve at the same time. 

The quantum era is steadily approaching, and as a result, organisations, governments, and security professionals must acknowledge the importance of cryptographic resilience as not only a theoretical concern but an urgent operational issue. There is no doubt that recent advances in quantum annealing, although they may be limited in their immediate threat, serve as a clear indication that quantum technology is progressing at a faster ra///-te than many had expected. 

The risk of enterprises and institutions not being able to afford to wait for large-scale quantum computers to become fully capable before implementing security transitions is too great to take. Rather than passively watching, companies and institutions must start by establishing a full understanding of the cryptographic assets they are deploying across their infrastructure in order to be able to make informed decisions about their cryptographic assets. 

It is also critical to adopt quantum-resistant algorithms, embrace crypto-agility, and participate in standards-based migration efforts if people hope to secure digital ecosystems for the long term. Moreover, continuous education is equally important to ensure that decision-makers remain informed about quantum developments as they develop to make timely and strategic security investments promptly. 

The disruptive potential of quantum computing presents undeniable risks, however it also presents a rare opportunity for modernizing foundational digital security practices. As people approach post-quantum cryptography, the digital future should be viewed not as one-time upgrade but as a transformation that integrates foresight, flexibility, and resilience, enabling us to become more resilient, resilient, and flexible. Taking proactive measures today will have a significant impact on whether people remain secure in the future.
Read more »
Subscribe to: Posts (Atom)