Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

“Advances in quantum research and development have shifted the risk horizon,” Mark Russinovich, chief technology officer of Microsoft Azure, said. “We believe cryptographically relevant quantum computers could arrive sooner than previously expected – and the work required to prepare is significant, so organizations need to start now.”

To that end, the Windows maker is speeding up the Microsoft Quantum Safe Program (QSP) timeline with the goal of transitioning critical products and services to post-quantum cryptography (PQC) by 2029. The company is also planning to incorporate PQC requirements into its Secure Future Initiative (SFI).

Some key focus areas include upgrading network cryptography by adopting TLS 1.3, building crypto-agility for stored data to facilitate the ability to change cryptography without having to redesign the underlying systems, and transitioning to PQC algorithms to secure trust chains, such as code signing, certificate issuance, key protection, and update pipelines.

Ousaban Banking Trojan Targets Iberian Bank Users with Fake PDF Lures

The current version moves that screening to the operator’s server, so the exact rules are hidden. Either way, visitors outside Spain or Portugal get a Spanish “access denied” notice instead of malware.

Clear the check, and the download starts. A script downloads an image that looks like a PDF icon but hides a ZIP file inside, a trick called steganography. The script unpacks Ousaban from that ZIP, runs it, then deletes the image, the ZIP, and itself to leave less behind. Once running, Ousaban adds a registry entry named Financeiro (Portuguese for “finance”) so it starts up with Windows.

Ousaban’s command server, the machine that controls it, is deliberately hard to find. It carries a Pastebin link that points to one server address, but Fortinet says that address is a decoy.

Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic

The issues have been addressed in ColdFusion 2023 Update 21 and ColdFusion 2025 Update 10. Security researchers Anirudh Anand, Matan Sandori, and 2Bsecure have been credited with discovering and reporting CVE-2026-48283, CVE-2026-48313, and CVE-2026-48307.

Separately, Adobe has also shipped fixes to close out a critical flaw in Adobe Campaign Classic impacting versions ACC v7: 7.4.3 build 9396 and earlier for Windows and Linux that could result in arbitrary code execution.

The vulnerability, tracked as CVE-2026-48286 (CVSS score: 10.0), is a case of incorrect authorization that could enable an attacker to execute arbitrary code on affected systems. It has been patched in version ACC v7: 7.4.3 build 9397.

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor’s safety sandbox and run any command on a developer’s computer. There is no click to fall for and no approval box to ignore.

Cato AI Labs found the pair and named them DuneSlide. They are tracked as CVE-2026-50548 and CVE-2026-50549, both rated 9.8 out of 10 (or 9.3 under the newer CVSS 4.0 scale).

The fix is already out. Both bugs are patched in Cursor 3.0, released April 2, and every version before 3.0 is affected. Cursor’s maker says more than half the Fortune 500 use the tool, so if you run it, update now.

New ChocoPoC malware targets researchers via trojanized PoC exploits

Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers.

Hiding malware in PoC exploits for various vulnerabilities is not new, as there are examples of threat actors posing as real security researchers and taking advantage of trending vulnerabilities to target vulnerability and penetration testers or low-skilled hackers.

However, ChocoPoC stands out because it does not embed the malware directly in the exploit file; instead, it adds malicious Python packages to the PoC’s dependency list.

Consciousness likely not unique to earthlings, paper says

Does consciousness depend on flesh and blood?

The answer is almost certainly no, according to Eric Schwitzgebel, a distinguished professor of philosophy at the University of California, Riverside.

In a new working paper, Schwitzgebel and Jeremy Pober, a former UCR graduate student who is now a postdoctoral researcher at the University of Lisbon, assert that consciousness is likely possible in life forms made of much different stuff. Think of the five-limbed alien with a rock-like exterior in the recent blockbuster movie “Project Hail Mary.”
