Today’s paper from cryptographers at ETH Zurich and the Università della Svizzera italiana shatters a comforting shortcut many of us keep telling friends and colleagues: the marketing line that your cloud password manager has “zero knowledge” of your vault is not an absolute guarantee once you...
A subtle bug in wolfSSL’s OpenSSL compatibility layer has quietly exposed a classic fork‑safety failure: under certain conditions, calls to RAND_bytes() in a child process could produce predictable values because the pseudo‑random generator state was inherited unchanged across fork(). The issue...
The Verify function in Go’s crypto/dsa implementation (crypto/dsa/dsa.go) contained an input‑validation flaw that could be weaponized to force an application into an infinite loop and an effective denial‑of‑service; the bug was tracked as CVE‑2016‑3959 and fixed in the emergency releases Go...
GNU GRUB (GRUB2) contains a timing side‑channel in its cryptographic comparison routine: CVE‑2024‑56738 identifies that versions through 2.12 implement grub_crypto_memcmp in a non‑constant‑time way, which can leak sensitive verification information via timing differences and has prompted vendor...
A subtle formatting quirk in GnuPG’s clearsign handling lets an attacker append unsigned data to a signed message while still passing GnuPG’s verification routine — a signature‑verification bypass tracked as CVE‑2025‑68972 that affects GnuPG releases up to and including 2.4.8 and has been...
Microsoft’s decision to flip a long-standing encryption default in Active Directory — moving Kerberos away from RC4 and toward AES-SHA1 by default — is the most consequential security change for Windows authentication in years, and it arrives after more than two decades of compatibility-first...
Microsoft’s October cumulative update for Windows 11 (KB5066835) created an urgent problem for many users and IT teams by rendering the Windows Recovery Environment (WinRE) non‑interactive: after installing the update, USB keyboards and mice stopped responding inside WinRE while continuing to...
Microsoft’s public roadmap for a quantum‑safe future is no longer a research manifesto: it’s a multi‑year engineering and procurement plan that maps how SymCrypt, Windows, Azure, Microsoft 365 and silicon will evolve to resist the cryptanalytic power of future quantum computers. The company has...
Microsoft’s Azure Cloud HSM service will now run on Marvell’s LiquidSecurity family of hardware security modules (HSMs), a move that extends Marvell’s existing footprint across Azure Key Vault and Managed HSM and brings PCIe‑attached, FIPS‑validated, cloud‑optimized HSM hardware into Microsoft’s...
Microsoft’s decision to expand its use of Marvell’s LiquidSecurity hardware security modules into the Azure Cloud HSM offering marks a notable vote of confidence in cloud-optimized HSM architectures — and sharpens the competitive contours of the HSM-as-a-service market as enterprise customers...
Microsoft has selected Marvell’s LiquidSecurity family of hardware security modules (HSMs) to power its Azure Cloud HSM offering — a move that consolidates Marvell’s role across Azure’s key management portfolio and brings FIPS 140‑3 Level 3‑certified, high‑density PCIe HSMs into Microsoft’s...
Microsoft has published Preview 7 of .NET 10, a release that looks and smells very much like “near feature-complete” for the platform’s November launch — bringing a clutch of pragmatic developer productivity improvements, security enhancements such as passkey integration for ASP.NET Identity...
August 12’s cumulative rollup for Windows Server 2022 (KB5063880, OS Build 20348.4052) is a pivotal update that continues Microsoft’s multi-year campaign to harden identity and boot integrity in Windows environments—most notably by reinforcing the Microsoft RPC Netlogon protocol against...
Satya Nadella’s brief but pointed line on Microsoft’s most recent earnings call — that “the next big accelerator in the cloud will be Quantum” — arrived with more than rhetoric: it was paired with a technical milestone Microsoft describes as a deployed Level 2 quantum capability and explicit...
Satya Nadella’s short sentence on Microsoft’s fiscal Q4 call—“The next big accelerator in the cloud will be Quantum, and I am excited about our progress.”—was both a strategic breadcrumb and a market jolt: paired with Microsoft’s announcement of operational Level 2 quantum capability, it...
The evolution of device encryption across mainstream operating systems is entering a pivotal new era—one fraught with both increased security and heightened risk of data loss, especially for those less familiar with the nuances of modern cryptography. As Microsoft expands the scope of...
Far from the utopian digital commons envisioned by Tim Berners-Lee, the internet of today has become a battleground defined by siloed platforms, centralized gatekeepers, and fragile single points of failure. This march toward digital enclosure and consolidation is not only at odds with the...
For enterprise environments contemplating a rapid migration to Windows Server 2025, the spotlight has recently shifted from the platform’s much-lauded innovations to a potentially game-changing security vulnerability identified by research firm Semperis. This flaw—dubbed “Golden dMSA”—impacts...
In an era where enterprise networks are under increasing threat from ever-more sophisticated adversaries, Microsoft’s introduction of delegated Managed Service Accounts (dMSAs) in Windows Server 2025 was heralded as a transformational leap for Windows security. Promising to eradicate a host of...
As of July 8, 2025, there is no publicly available information regarding a vulnerability identified as CVE-2025-36350, specifically related to an "AMD Store Queue Transient Scheduler Attack." This CVE does not appear in the Common Vulnerabilities and Exposures (CVE) database, and AMD has not...