惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
LINUX DO - 热门话题
S
Secure Thoughts
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threat Research - Cisco Blogs
AI
AI
B
Blog RSS Feed
S
Schneier on Security
雷峰网
雷峰网
Schneier on Security
Schneier on Security
Help Net Security
Help Net Security
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
罗磊的独立博客
有赞技术团队
有赞技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
The Cloudflare Blog
Webroot Blog
Webroot Blog
Last Week in AI
Last Week in AI
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
美团技术团队
L
Lohrmann on Cybersecurity
T
The Blog of Author Tim Ferriss
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Vercel News
Vercel News
Know Your Adversary
Know Your Adversary
O
OpenAI News
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
I
InfoQ
GbyAI
GbyAI
T
Threatpost
C
Cisco Blogs

www.infosecurity-magazine.com

Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies STX RAT Targets Finance Sector With Advanced Stealth Tactics Bitcoin Depot Reports $3.6m Crypto Theft After System Breach Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs Google Warns of New Threat Group Targeting BPOs and Helpdesks Google API Keys Quietly Gain Access to Gemini on Android Devices Critical Vulnerability in Ninja Forms Exposes WordPress Sites Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs New 'Storm' Infostealer Remotely Decrypts Stolen Credentials NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts Apple Expands iOS 18 Security Updates Amid DarkSword Threat Researchers Observe Sub-One-Hour Ransomware Attacks GitHub Used as Covert Channel in Multi-Stage Malware Campaign Most CNI Firms Face Up to £5m in Downtime from OT Attacks Google Introduces Android Dev Verification Amid Openness Debate New Venom Stealer MaaS Platform Automates Continuous Data Theft Chinese Hackers Target European Governments in Espionage Campaigns Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year Hackers Hijack Axios npm Package to Spread RATs Maryland Man Charged Over $53m Uranium Finance Crypto Hack Phantom Project Bundles Infostealer, Crypter and RAT For Sale ChatGPT Security Issue Enabled Data Theft via Single Prompt TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets Employee Data Breaches Surge to Seven-Year High NCSC Urges Immediate Patching of F5 BIG-IP Bug Cybercriminals Exploit Tax Season With New Phishing Tactics Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection Critical Citrix NetScaler Vulnerability Exploited in the Wild ICO Fines UK Nuisance Call Scammers £100,000 European Commission Confirms Cloud Data Breach New Wave of AiTM Phishing Targets TikTok for Business TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns Iran-Linked Pay2Key Ransomware Group Re-Emerges Invoice Fraud Costs UK Construction Sector Millions, NCA Warns Cloud Phones Linked to Rising Financial Fraud Threat Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne US: FCC Bans Foreign-Made Routers Over National Security Concerns TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise Experts Sound Alarm Over “Prompt Poaching” Browser Extensions Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security Russian Initial Access Broker Handed 81-Month Sentence Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems Tycoon2FA Phishing Service Resumes Activity Post-Takedown High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports Trivy Supply Chain Attack Expands With New Compromised Docker Images CISA Orders US Government to Patch Maximum Severity Cisco Flaw Operation Alice Takes Down 370,000+ Dark Web Sites Hackers Exploit Critical Langflow Bug in Just 20 Hours NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation Financial Brands Targeted in Global Mobile Banking Malware Surge FCA Updates Cyber Incident and Third-Party Reporting Rules AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs New Ubuntu Flaw Enables Local Attackers to Gain Root Access Crypto Scam "ShieldGuard" Dismantled After Malware Discovery AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner Android OS-Level Attack Bypasses Mobile Payment Security 'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears Aeternum Botnet Shifts Command Control to Polygon Blockchain Leading Semiconductor Supplier Advantest Hit by Ransomware Attack Remcos RAT Expands Real-Time Surveillance Capabilities SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day Phorpiex Phishing Delivers Low-Noise Global Group Ransomware BridgePay Confirms Ransomware Attack, No Card Data Compromised New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability Labyrinth Chollima Evolves into Three North Korean Hacking Groups Google Disrupts Extensive Residential Proxy Networks
Trump Issues Executive Order to Fast-Track Post-Quantum Migration
https://www.infosecurity-magazine.com/profile/kevin-poireault/ · 2026-06-23 · via www.infosecurity-magazine.com

US federal agencies will have to complete their post-quantum cryptography (PQC) migration by 2030, or 2031 at the latest depending on use cases.

In a new executive order (EO) signed on June 22 (EO 14409), US president Donald Trump issued requirements designed to help accelerate the migration to quantum-safe technologies.

This move aims to “safeguard America’s most sensitive data, our critical infrastructure, and the digital economy that drives jobs and growth,” the White House explained in a fact sheet accompanying the executive order.

The main requirement is that all US federal agencies should transition “high value assets” and “high impact systems” to use PQC for key establishment by December 31 2030 and for “digital signatures” by December 31 2031.

Key establishment refers to key-encapsulation mechanisms (KEM), which are sets of algorithms that, under certain conditions, can be used by two parties to establish a shared secret key over a public channel.

Digital signatures are standardized suites of algorithms used to detect unauthorized modifications to data and to authenticate the identity of a user.

In addition to these deadlines, the EO requires the US Department of Commerce to immediately initiate a pilot project for PQC migration and to complete it by December 31, 2027.

Federal Push to Accelerate PQC Migration and Coordination

Beyond timed requirements, President Trump directed the Office of Management and Budget (OMB)and US National Cyber Director to lead an accelerated nationwide transition to PQC.

He also called on the State Department and other agencies to support critical infrastructure operators and international partners in adopting PQC.

Finally, the executive order tasked the OMB, the Department of Defense, NASA and the General Services Administration with identifying cost efficiencies in the migration strategy. The Federal Acquisition Regulatory Council has been instructed to ensure contractors meet federal cybersecurity and vulnerability disclosure standards by 2030.

Quantum Threats Reshape Security Priorities, Experts Warn

This new executive order underscores the growing risk of “harvest now, decrypt later” attacks, where adversaries collect encrypted data today with the intention of breaking it once quantum computing becomes viable – a scenario commonly called Q‑Day.

Speaking to Infosecurity, Laurent Leloup, secretary general of the Global Quantum Threat Alliance (GQTA), highlighted that this executive order “marks a systemic shift” by “moving from ‘quantum’ project management to a national security emergency.”

“By pulling the PQC transition deadline forward to 2030, Washington is imposing a brutal acceleration that de facto weakens organizations that opted for a diluted approach to their resilience,” he argued.

He also warned that critical industries like the financial sector should therefore “immediately overhaul their trust architectures” and adopt crypto-agility, else they will “face security obsolescence.”

Crypto-agility is a concept that involves creating an abstract layer between the applications and the cryptography libraries allowing security teams to update to the latest encryption algorithms without having to replace their stack entirely.

Instead of directly integrating the encryption algorithms into the code, following a crypto agile approach means security teams will just have to send a command to ‘encrypt’ and the abstract layer connects to a security policy that says, “for any ‘encrypt,’ command use this standard with these key parameters.”

Gary Barlet, public sector CTO at Illumio, also warned that the quantum research community should now focus their efforts on helping PQC transition before focusing “solely on future encryption standards.”

“The more immediate challenge is protecting the people, systems, research environments and supply chains that support quantum innovation today,” he said.

“Adversaries do not need a quantum computer to steal quantum breakthroughs. They only need access. That is why visibility, segmentation, and breach containment strategies remain critical. Protecting quantum research starts with assuming compromise is possible and ensuring that one successful intrusion cannot become a broader national security event."

Read now: How Businesses Should Approach the Post-Quantum Cryptography Transition

Industry Momentum Accelerates Shift to Quantum-Safe Encryption

The private sector has already begun moving toward post-quantum cryptography, with firms such as Google, Dell and HP outlining transition efforts over the coming decade and Cloudflare targeting full PQC migration by 2029.

Now, the US government is seeking to formalize and accelerate this shift through a coordinated national strategy.

Read more: Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google

The push also comes amid rising international momentum, with France’s cybersecurity agency (ANSSI) announcing it will stop certifying products that lack quantum-safe encryption starting in 2027, adding further pressure on organizations to act quickly.

Billy McDiarmid, VP at cybersecurity firm Red Sift, noted that despite “important work being done by government, industry and academia” towards accelerating the PQC transition, “the pace has not always matched the scale of the risk.”

“The 2031 federal target is an important marker, but it should not be treated as a comfortable deadline. Any organization holding data that needs to remain private for years should be planning against a 2029-2031 window now,” McDiarmid advocated.

He also emphasized that “post-quantum migration is not just about buying new algorithms” but also to ensure all certificates, keys, applications, APIs, cloud services, suppliers, devices and third-party systems are secure with quantum-safe encryption.