In today’s cybersecurity news…
Quantum decryption gets theoretically easier
When we talk about quantum computers breaking cryptography, we’re specifically referring to their ability to solve the factorization problem used by RSA and ECC algorithms. This has been based on Shor’s algorithm, but it has required an estimated 1,000,000 qubits, which remains far from feasible. However, the Advanced Quantum Technologies Institute announced a new Jesse-Victor-Gharabaghi (mercifully abbreviated JVG) quantum decryption algorithm that claims to require fewer than 5,000 qubits to break current encryption. Both Shor and JVG algorithms use a combination of classical and quantum systems, but JVG offloads more work to classical systems. Shor’s algorithm has been studied for years, so further evaluation by researchers is needed to verify the claims of JVG.
OpenAI alters the deal with the Pentagon
Last week, OpenAI agreed to terms with the Pentagon to use its AI models on classified military information, following an end to negotiations with Anthropic. At the time, OpenAI CEO Sam Altman claimed the agreement contained more guardrails than previous agreements with Anthropic. However, this week Altman said the company was working with the Department of Defense to add terms to its contract to exclude usage by the National Security Agency and to “prohibit deliberate tracking, surveillance or monitoring of US persons or nationals, including through the procurement or use of commercially acquired personal or identifiable information.”
(FT)
South Korea leaks crypto keys for all to see
Last Thursday, South Korea’s National Tax Service decided to give itself a well-deserved pat on the back, announcing it seized 8.1 billion won worth of digital assets (about $5.6 million USD) from 124 tax evaders. The press release featured some photos from the seizures, including a note that had the seed phrase for a hardware crypto wallet. By Friday morning, the wallet had been drained of about $4.8 million in PRTG tokens. While this is certainly egg on the face for the NTS, it should be noted that those tokens account for 40% of the entire PRTG supply, with transaction volume in the hundreds of dollars on a typical day. So actually cashing out those tokens or moving them to another platform would raise a massive red flag.
RedAlert Spyware hits Israel
If we’ve learned nothing else from the ongoing war in Ukraine, it’s that the chaos of war creates the perfect breeding ground for a cyberattack. CloudSEK saw a new campaign exploiting the Israel-Iran conflict, with threat actors using a spoofed version of an app for missile strike notifications from the Israel Defense Forces Home Front Command. This app relays legitimate alerts but also runs a surveillance payload in the background. The app must be sideloaded and shows telltale red flags, asking for GPS, SMS access, and contact-sharing permissions. It shows significant sophistication, spoofing the legitimate app’s signing certificate, altering installation data to make it appear to come from the Play Store, and using proxy hooks to bypass Android’s built-in integrity checks.
Huge thanks to our sponsor, Adaptive Security

Coalition building security foundations for 6G
We’re still a long way from finalizing any spec for what 6G networks will look like, with only broad strokes on ultra-low latency, AI integration, and linking satellite and terrestrial systems. But that doesn’t mean it’s too early to think about security. The UK, US, Canada, Japan, Australia, Sweden, and Finland announced the formation of the Global Coalition on Telecoms to set out non-binding principles aimed at developing 6G with a “secure by design” approach. Their initial guidance calls for stronger threat containment, diversification of the 6G supply chain to prevent systemic threats, and support for quantum-resistant cryptography. This is meant to guide vendors, academics, and trade groups in 6G development.
Honeywell spars with researcher on vulnerability severity
Cybersecurity researcher Gjoko Krstic is known for investigating building control systems, most recently turning his attention to Honeywell’s IQ4 controller. He found that, out of the box, these controllers expose management interfaces without authentication, allowing external access that could lock out admins. He reported this to Honeywell in December 2025. However, the company declined to make any changes, arguing the devices are for on-premises use and not exposed to the internet. Krstic countered that he found 7,500 internet-exposed instances, with 20% accessible without authentication, telling Security Week: “I’ve seen installations where the user account has not been created and I was able to write changes to components.” Krstic reached out to the CERT Coordination Center at Carnegie Mellon University to mediate the vulnerability disclosure with Honeywell.
LexisNexis confirms data breach
The data analytics company confirmed that threat actors accessed customer and business information in a recent cyberattack. This disclosure follows the group FulcrumSec’s leak of 2GB of files from LexisNexis on illicit forums. FulcrumSec claims they exploited the React2Shell vulnerability in an unpatched React frontend app to access the company’s AWS infrastructure. LexisNexis claims most stolen data were legacy files from before 2020, such as customer names, surveys, IP addresses, support tickets, and business contact information. FulcrumSec claims the data includes contact information for government employees, and that they unsuccessfully tried to extort LexisNexis.
A look at cybercriminal demographics
I don’t know if the picture of the classic “hacker” as a teenager in a hoodie was ever representative of cybercriminals, but Orange Cyberdefense’s latest Security Navigator report shows it’s definitely an outlier today. In an analysis of hundreds of public arrest and takedown notices globally between 2021 and 2025, 37% of all cases involved threat actors aged 35-44; those dang millennials are still hacking. The next most common demo was 25-34, accounting for 30%, followed by 18-24 at 21% and under 18 at less than 5%. The 18-24 demo most commonly got arrested for illicit system access, involved in 30% of all cases. The 25-34 demo most commonly focused on selling stolen data and cyber extortion, while the elder 35-44 demo focused on cyber extortion and deploying malware.






