post-quantum cryptography Archives

Winsage

June 4, 2026

ADCS Now Generates Post-Quantum Certificates For Windows

Active Directory Certificate Services (ADCS) now supports the generation of post-quantum certificates, enhancing quantum-safe cryptography within Windows' secure connection protocols. Microsoft has integrated PQ TLS hybrid key exchange into the Windows Transport Layer Security (TLS) stack, providing protection against "Harvest Now, Decrypt Later" attacks. The PQ TLS hybrid key exchange combines traditional cryptographic methods with the NIST ML-KEM algorithm, offering three hybrid combinations: X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1_MLKEM1024. This feature is available in preview via the Windows Insider Program and will be rolled out to Windows 11 and Windows Server. Additionally, Windows cryptography APIs now support composite ML-KEM and ML-DSA algorithms, which are NIST-approved standards for key exchange and digital signatures, enhancing security by requiring multiple components to be compromised. Microsoft emphasizes the importance of establishing new Certification Authorities (CAs) for implementing post-quantum certificate issuance, as existing CAs cannot be upgraded. The introduction of ML-DSA support within ADCS allows organizations to counter HNDL risks associated with long-lived data. Organizations are encouraged to inventory their use of public-key cryptography, prioritize systems protecting sensitive data, and test hybrid and composite approaches in non-production environments to facilitate a smooth transition to quantum-safe cryptography.

Winsage

May 28, 2026

Your Windows PC has a security deadline in June 2026

A Secure Boot certificate refresh is being deployed across supported Windows devices via Windows Update. The Secure Boot certificates from 2011 will begin to expire in June 2026, prompting Microsoft to introduce new 2023-dated certificates to maintain security. Most users will require minimal action if their PCs are updated, but older devices may face challenges. The current certificates include: - Microsoft Corporation KEK CA 2011: expires June 24, 2026 - Microsoft UEFI CA 2011: expires June 27, 2026 - Microsoft Windows Production PCA 2011: expires October 19, 2026 The new certificates will remain valid until 2038, with plans for post-quantum cryptography around 2030. While PCs using the 2011 certificates will continue to function, they will lose access to new security protections, making them vulnerable to emerging threats. A notable example of such a threat is the BlackLotus bootkit, which exploited vulnerabilities to bypass Secure Boot. Microsoft's rollout strategy involves a staged update process that typically takes around 48 hours and may require restarts. Users are advised to keep Windows updated and check their Secure Boot status. Known issues may arise for older PCs, systems that bypassed Windows 11 requirements, Legacy BIOS systems, and custom firmware configurations. IT teams managing devices should inventory their systems, monitor specific event IDs, test updates, and document devices that cannot be updated.

AppWizard

May 13, 2026

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google introduced a new opt-in feature for Android users called Intrusion Logging, which enhances the analysis of spyware attacks as part of the Advanced Protection Mode. Developed with Amnesty International and Reporters Without Borders, it logs daily device and network activities, including app activity, installations, network connections, file transfers, system certificate modifications, and device lock events. The log data is encrypted and stored securely, accessible only to the device owner. Logs are retained for 12 months and cannot be deleted by users before expiration, though they can be downloaded for offline storage. Intrusion Logging also records network events during Chrome's Incognito mode. This feature is beneficial for high-risk individuals who may be targets of surveillance. Users can access the logs through the Settings app, and the rollout is underway for devices with the Android 16 December update and newer. Additionally, Google announced other privacy and security features, including a verified financial call feature to combat scams, expansion of Live Threat Detection, evaluation of APK files for malware, revocation of accessibility services API access from non-designated apps, and enhancements to Find Hub's Mark as Lost feature. Other updates include improved device recovery options, enhanced privacy controls, introduction of AISeal with pKVM, expansion of Binary Transparency, protection against OTP theft, and strengthening data protection with post-quantum cryptography.

AppWizard

May 8, 2026

Google is turning Android Studio into a policy watchdog

Google is enhancing the development experience for Android app creators by expanding Play Policy Insights within Android Studio, allowing developers to identify potential policy issues during coding. Developers will connect their Play developer accounts to access tailored insights. Google is also leveraging the SDK Index, a searchable database of Android SDKs, to provide crucial information on permissions and compliance with Play policies. To improve app security and user privacy, Google is upgrading the Play Integrity API for quicker detection of fraud and abuse, and introducing new privacy tools like a contact picker and location button. Support for post-quantum cryptography in Play App Signing will be added to protect apps from future threats. Developer verification will be implemented across Android to prevent the distribution of harmful apps. Google is revamping the Play Console to streamline the app publishing process, introducing expanded pre-review checks for common policy violations, a release status API for tracking approvals, and a feature to prevent new commits during reviews. Parallel publishing will be rolled out to avoid delays in updates. Additional enhancements include a Submission History log, secure account transfer tools, AI-powered policy recommendations, and expanded Play Academy training resources for new developers.

AppWizard

April 18, 2026

Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits

On April 16, Google released Android 17 Beta 4, concluding its beta phase and focusing on app compatibility and platform stability. Developers must finalize updates for Android 17 to avoid delays when the stable version is released. Key behavioral changes for apps targeting Android 17 include: - Large-screen resizability restrictions, preventing apps from opting out of maintaining orientation, resizability, and aspect ratio constraints. - Expanded restrictions on dynamic code loading, requiring native files loaded via System.load() to be read-only. - Certificate Transparency is enabled by default. - Local network access is restricted by default, with a new ACCESSLOCALNETWORK permission for persistent access. - Stricter rules on background audio interactions, including playback and volume change APIs. Android 17 introduces per-app memory limits based on device RAM to target memory leaks and anomalies, with minimal impact expected on app sessions. Developers can check for memory limit impacts via ApplicationExitInfo and utilize profiling tools in Android Studio Panda. An on-device anomaly detection service monitors resource-intensive behaviors and provides profiling artifacts. Additionally, the Android Keystore now supports ML-DSA for quantum-safe signatures, allowing developers to generate keys and create signatures within secure hardware.

Tech Optimizer

April 15, 2026

Avast Antivirus: Free Protection Faces Rising AI Threats in Cybersecurity Market

Avast Antivirus offers a robust free version with premium features, providing high-quality protection against cyber threats, including viruses, spyware, and ransomware. Key features include Smart Scan, Password Manager, and Network Inspector, which help users identify vulnerabilities and safeguard their data. Avast has a global user base of over 435 million and is particularly relevant in the U.S., where data breaches affect millions annually. The company operates under Gen Digital, which acquired Avast in 2022, leveraging a freemium model to attract users and upsell advanced features. Avast focuses on AI-driven threat detection and maintains a strong market position against competitors like Norton and McAfee. The global cybersecurity market has surpassed 0 billion, driven by increasing threats, and Avast counters these with machine learning capabilities. Risks for Avast include zero-day exploits, privacy concerns, and competition from built-in OS protections. Avast's cloud-based updates and multilingual support enhance its appeal, while its integration with smart home devices is planned for the future.

Tech Optimizer

April 14, 2026

Norton (durch Symantec Übernahme teilweise verknüpft, aber Marke liegt bei Gen Digital. Broadcom i

Norton, owned by Gen Digital, provides antivirus software, VPN services, and identity theft monitoring to protect users from cyber threats such as malware and phishing attacks. The company emphasizes subscription-based revenue through Norton 360, which bundles various security features, ensuring predictable cash flow. Norton competes with other antivirus brands like McAfee and Bitdefender, maintaining a strong market share in North America due to its established brand trust. The demand for cybersecurity tools is driven by rising cyber threats, including ransomware attacks and increased remote work, which necessitate robust online protection. Gen Digital is investing in AI-driven threat detection and expanding its offerings to address evolving security needs. However, Norton faces challenges from free alternatives, potential privacy concerns, and macroeconomic pressures that could affect consumer spending on security products.

AppWizard

April 10, 2026

Privacy Messenger Session Is Staring Down a 90-Day Countdown to Obscurity

The messaging app Session, which prioritizes user privacy and offers end-to-end encryption without requiring personal information for registration, is facing potential closure and has issued a call for support. The Session Technology Foundation (STF) has received funding to support operations for 90 days but will rely on volunteers after all paid staff have been let go. Development activities have paused due to insufficient funding, affecting the introduction of new features and the resolution of existing bugs. The STF has stated that it needs million to complete ongoing projects and introduce a subscription model to achieve self-sustainability. As of now, 0,000 has been raised towards this goal. Users can contribute at getsession.org/donate.

AppWizard

March 27, 2026

Google rolling out Android 17 Beta 3 for Pixel

Google has released Android 17 Beta 3, introducing Platform Stability, which finalizes internal and external APIs and app-facing behaviors for developers. Key enhancements include full activation of bubbles for multitasking, a redesigned screen recording toolbar, customizable photo picker grid view, support for 14-bit per pixel RAW images, vendor-defined camera extensions, Bluetooth LE audio hearing aids, reduced wakelocks for idle alarms, a system-provided location button, post-quantum cryptography hybrid signing, widget support on external displays, desktop interactive picture-in-picture, VPN app exclusion settings, and dynamic system font fallback. Feedback can be submitted through the Android Beta Feedback tool, and system images are available for various Pixel devices.

Tech Optimizer

January 28, 2026

Top Android Antivirus Apps for 2026: Reviews and Key Features

Android users face increasing cyber threats as we approach 2026, with AI-driven malware and ransomware becoming more prevalent. The antivirus market has evolved to include advanced features like real-time threat intelligence and integrated privacy tools. Norton Mobile Security is noted for its machine learning-powered malware detection, VPN, app advisor, and dark web monitoring, achieving a 99.9% detection rate. TotalAV offers user-friendly antivirus scanning and system optimization, with features like real-time phishing protection and cloud-based scanning. Aura Antivirus combines antivirus with identity theft protection and family safety features, excelling in AI-driven behavioral analysis. Bitdefender Mobile Security is recognized for its lightweight design, anti-theft features, and effective web protection. McAfee Mobile Security provides secure Wi-Fi scanning and IoT integration, with high user satisfaction reported. Norton leads in predictive analytics, while TotalAV includes a VPN for remote workers. Aura offers family-oriented tools and compliance-friendly features, incorporating blockchain technology for secure identity verification. Bitdefender is efficient in battery usage and has a high detection rate. McAfee supports multi-device protection and has strong customer support. Norton’s dark web monitoring helps prevent identity theft, and TotalAV blocks trackers and ads. Aura links antivirus protection to financial security with credit monitoring. Bitdefender automates threat responses and has a strong anti-ransomware module. McAfee scans for vulnerabilities in smart devices and provides threat intelligence feeds. Future developments may include quantum-resistant encryption. TotalAV is praised for its user interface, while Aura encourages user feedback for improvements. Bitdefender uses machine learning to reduce false positives, and McAfee employs predictive modeling for personalized security. Organizations must evaluate antivirus solutions based on integration with existing security frameworks, cost, and performance impact. Emerging trends include biometric authentication and deeper hardware-level security protections.