Loading...
Loading...
Security researchers confirmed that the Kyber ransomware family is using— or at least claiming to use—ML-KEM (the Kyber post-quantum key-encapsulation standard) to encrypt victims’ AES-256 keys, marking the first known ransomware instance tied to post-quantum cryptography. Rapid7 and Rapid7-linked analysts reverse-engineered Windows and VMware-targeting variants: the Windows build truly used ML-KEM1024 to wrap AES keys, while the VMware variant actually used RSA-4096. Analysts say the move is la
GnuPG 2.5.19 is released, marking a key step: mainline support for the post-quantum KEM Kyber (ML-KEM / FIPS-203) for encryption alongside other enhancements and bug fixes. The 2.5 series improves 64-bit Windows support and introduces options such as --use-ocb-sym and session-hash display flags; gpgsm and agent components gained cipher-mode handling, CRL/PKCS#12 fixes, smartcard pinentry improvements, and better GCM/de-vs compliance. Multiple security and correctness bugs (RSA padding, key refresh edge cases, trustlist parsing, gpgtar directory checks) were fixed, and the project warns that the 2.4 series reaches end-of-life in two months. The release is fully backward compatible and available from gnupg.org. This update advances encryption tooling readiness for quantum-resistant deployments.
GnuPG 2.5.19 was released, notably adding Kyber (ML-KEM/FIPS-203) post-quantum encryption support to the mainline OpenPGP implementation and continuing 64-bit Windows improvements. The release, a drop-in update ahead of 2.4’s imminent end-of-life, also introduces new gpg and gpgsm options (OCB symmetric mode, session-hash display, and cipher-mode in --cipher-algo), smarter pinentry behavior for smartcards, and a new dirmngr keyserver keyword. Multiple bug fixes address key refresh edge cases, PKCS#12 import quirks, GCM and certificate handling, RSA signature padding, and gpgtar directory checks. The update matters because GnuPG is a core encryption tool used across software and services, and PQC integration prepares the ecosystem for quantum-resistant communications.
GnuPG 2.5.19 introduces post-quantum encryption support by adding Kyber (ML-KEM / FIPS-203) to mainline, while the older 2.4 series nears end-of-life in two months. The 2.5 branch also includes improvements for 64-bit Windows. Adding Kyber brings a standardized, quantum-resistant key-encapsulation mechanism into a widely used open-source encryption suite, signaling practical adoption of post-quantum cryptography (PQC) for email and file encryption workflows. This matters because GnuPG is a foundational tool in secure communications; mainline PQC support can accelerate ecosystem updates, interoperability testing, and readiness for future quantum threats. Administrators and users should plan upgrades and evaluate compatibility with existing tooling.
Security researchers confirmed that the Kyber ransomware family is using— or at least claiming to use—ML-KEM (the Kyber post-quantum key-encapsulation standard) to encrypt victims’ AES-256 keys, marking the first known ransomware instance tied to post-quantum cryptography. Rapid7 and Rapid7-linked analysts reverse-engineered Windows and VMware-targeting variants: the Windows build truly used ML-KEM1024 to wrap AES keys, while the VMware variant actually used RSA-4096. Analysts say the move is largely marketing: PQC libraries are easy to drop into code, the quantum threat to RSA/ECC is years away, and attackers want quick payments, not long-term cryptographic durability. The use of PQC here signals threat actors’ interest in leveraging security buzzwords to pressure victims and influence ransom decisions.