devtake.dev — #security

devtake.dev — #securityArticles tagged security on devtake.dev.https://devtake.dev/en-usAn AI agent found 21 ways to attack FFmpeg, the codec library inside almost everythinghttps://devtake.dev/article/ffmpeg-21-zero-days/https://devtake.dev/article/ffmpeg-21-zero-days/DepthFirst's agent surfaced 21 FFmpeg zero-days for about $1,000. One 183-byte packet hits RCE. The deeper story is who pays the volunteers who fix them.Sat, 13 Jun 2026 13:00:00 GMTsecuritysecurityffmpegopen-sourcercevulnerabilityfuzzingluca-reinhardtRed Hat's npm namespace and Arch's AUR were both backdoored within two weeks of each otherhttps://devtake.dev/article/npm-registry-supply-chain-wave/https://devtake.dev/article/npm-registry-supply-chain-wave/A worm hijacked Red Hat's npm namespace, a rootkit spread through 1,500 Arch AUR packages, and a SOC 2-certified AI gateway shipped malware. Registries are under fire.Sat, 13 Jun 2026 12:45:00 GMTsecuritysecuritysupply-chainnpmopen-sourcemalwareluca-reinhardtOne bad Host header bypassed auth in Starlette, the routing core under millions of AI agentshttps://devtake.dev/article/ai-agents-package-rce-vulnerability/https://devtake.dev/article/ai-agents-package-rce-vulnerability/A flaw in Starlette, downloaded 325M times a week, let a single Host-header character bypass path-based auth across FastAPI, vLLM, and MCP servers.Mon, 08 Jun 2026 10:00:00 GMTsecuritysecuritysupply-chainai-agentsmcpcve-2026-48710pythonfastapiluca-reinhardtVS Code's webview sandbox leaks GitHub tokens that read and write every private repohttps://devtake.dev/article/vscode-zero-day-github-token-theft/https://devtake.dev/article/vscode-zero-day-github-token-theft/A disclosed VS Code zero-day lets one click on a malicious github.dev notebook steal a GitHub OAuth token with full read-write access to every private repo.Wed, 03 Jun 2026 13:15:00 GMTsecuritysecuritygithubcredential-theftdev-toolsrcesupply-chainoauthluca-reinhardtGoogle is patching an Android flaw that attackers are already exploiting in the wildhttps://devtake.dev/article/android-june-2026-zero-day-patch/https://devtake.dev/article/android-june-2026-zero-day-patch/Google's June 2026 Android bulletin patches an actively exploited Framework privilege-escalation zero-day plus 123 other flaws. Here's who's at risk and what to do.Wed, 03 Jun 2026 11:45:00 GMTandroidandroidgooglesecurityzero-daycve-2025-48595patchpixelnaomi-parkA browser SSD timing trick can fingerprint your browsing, and cookies won't stop ithttps://devtake.dev/article/ssd-activity-browser-side-channel/https://devtake.dev/article/ssd-activity-browser-side-channel/Graz researchers built FROST, a browser side-channel that times SSD activity to guess which sites and apps you're running. Here's how it works and what helps.Wed, 03 Jun 2026 11:30:00 GMTwebprivacysecuritywebbrowser-securityfingerprintingside-channelsupply-chainnaomi-park116,000 Minecraft PCs got infected by fake mods. The 'WeedHack' stealer is free to anyone.https://devtake.dev/article/minecraft-weedhack-malware/https://devtake.dev/article/minecraft-weedhack-malware/McAfee says a free malware-as-a-service stealer called WeedHack has hit 116,000+ Minecraft systems via fake mods and cheats. Here's what it grabs and how to clean up.Wed, 03 Jun 2026 11:00:00 GMTgaminggamingminecraftmalwaresecuritycredential-theftinfostealersupply-chainhiro-tanakaGitHub banned the researcher dropping Windows zero-days. The code was already mirrored everywhere.https://devtake.dev/article/github-bans-researcher-windows-zero-day/https://devtake.dev/article/github-bans-researcher-windows-zero-day/GitHub wiped Nightmare-Eclipse's account on May 23 after weeks of unpatched Windows exploits. The ban reopened the oldest fight in security: who decides what research gets hosted?Fri, 29 May 2026 06:50:00 GMTsecuritysecuritygithubvulnerability-disclosurezero-daymicrosoftwindowssupply-chainrceluca-reinhardtYour car logs every hard brake, and the FTC just banned GM from selling it for five yearshttps://devtake.dev/article/connected-car-data-collection-privacy/https://devtake.dev/article/connected-car-data-collection-privacy/Connected cars collect location, driving behavior, in-cabin audio, and synced contacts, then route it to automaker clouds, brokers, and insurers. Here's how to stop it.Fri, 29 May 2026 06:35:00 GMTsecuritysecurityprivacydata-brokerssurveillanceconnected-carsautomakersftcluca-reinhardtShinyHunters dumped 9.4GB of 7-Eleven franchisee data after a rejected ransom demandhttps://devtake.dev/article/shinyhunters-7-eleven-breach-185k/https://devtake.dev/article/shinyhunters-7-eleven-breach-185k/ShinyHunters breached a 7-Eleven Salesforce instance holding franchisee documents, exposing 185,000 people. The 9.4GB archive hit a leak site after 7-Eleven declined to pay.Wed, 27 May 2026 18:35:00 GMTsecuritysecuritydata-breachshinyhunterssalesforceextortioncredential-theftluca-reinhardtApple is testing an anti-snatch feature that locks the iPhone the second it's grabbedhttps://devtake.dev/article/apple-iphone-anti-snatching-auto-lock/https://devtake.dev/article/apple-iphone-anti-snatching-auto-lock/Code seen by 9to5Mac points to an iPhone feature that auto-locks when the accelerometer detects a snatch, then clamps down like Stolen Device Protection.Wed, 27 May 2026 18:20:00 GMTappleappleiphoneios-27securitystolen-device-protectiontheftnaomi-parkScammers turned a Microsoft notification address into a spam relay. The emails pass SPF, DKIM, and DMARC.https://devtake.dev/article/microsoft-internal-account-spam-abuse/https://devtake.dev/article/microsoft-internal-account-spam-abuse/Spammers found a Tenant Name injection in Entra ID that pushes fraud text into Microsoft's own OTP emails. The from-line reads msonlineservicesteam@microsoftonline.com.Mon, 25 May 2026 12:00:00 GMTsecuritysecuritymicrosoftentra-idphishingdmarcspamhausemail-securitycredential-theftluca-reinhardtGoogle's bug tracker auto-published exploit code for an unpatched Chromium flaw. The bug is still live.https://devtake.dev/article/google-chromium-exploit-code-leak/https://devtake.dev/article/google-chromium-exploit-code-leak/Chromium Issue 1396278 went public on May 20 because Google's tracker auto-clears restrictions on stale closed bugs. The flaw, reported in 2022, was never fixed.Sun, 24 May 2026 10:00:00 GMTsecuritysecuritychromiumchromegoogleservice-workersdev-toolsedgebrowser-securityluca-reinhardtAnthropic's Glasswing logged 10,000 vulnerabilities in a month. Most are still waiting on a patch.https://devtake.dev/article/anthropic-glasswing-deception-monitor/https://devtake.dev/article/anthropic-glasswing-deception-monitor/Anthropic says Project Glasswing's first month produced over 10,000 critical-and-high-severity vulns. Verification and patching is the limiting step.Sat, 23 May 2026 09:45:00 GMTaianthropicclaude-mythosproject-glasswingsecurityai-securitysupply-chainvulnerability-disclosuredieter-morelliApple shipped formal proofs for its post-quantum crypto. 2.5 billion devices now run verified code.https://devtake.dev/article/apple-corecrypto-formal-verification/https://devtake.dev/article/apple-corecrypto-formal-verification/Apple's SEAR team published formal verification proofs for corecrypto's ML-KEM and ML-DSA implementations. 50,000 proof steps cover 2.5 billion active devices.Sat, 23 May 2026 09:15:00 GMTsecurityapplecorecryptopost-quantumcryptographyformal-verificationsecurityml-kemluca-reinhardtGitHub's internal repos were breached. The attacker came in through a poisoned VS Code extension.https://devtake.dev/article/github-internal-repos-breach-vscode-extension/https://devtake.dev/article/github-internal-repos-breach-vscode-extension/GitHub detected the intrusion on May 18 after a malicious VS Code extension compromised an employee's device. The attacker claims to have exfiltrated 3,800 internal repositories.Fri, 22 May 2026 10:15:00 GMTsecuritysecuritygithubvscodesupply-chaincredential-theftdev-toolsluca-reinhardtMicrosoft is killing SMS codes on consumer Microsoft accounts. Passkeys take over by December.https://devtake.dev/article/microsoft-authenticator-sms-passkeys-end/https://devtake.dev/article/microsoft-authenticator-sms-passkeys-end/Microsoft is phasing out SMS sign-in and recovery on personal Microsoft accounts by December 2026. Replacements: passkeys, Authenticator, or verified email.Thu, 21 May 2026 11:30:00 GMTsecuritymicrosoftpasskeyssmsauthenticationfido2microsoft-authenticatorsim-swapsecurityluca-reinhardtA CISA contractor left GovCloud admin keys on public GitHub. The file was named 'Important AWS Tokens.txt'.https://devtake.dev/article/cisa-aws-govcloud-keys-github-leak/https://devtake.dev/article/cisa-aws-govcloud-keys-github-leak/GitGuardian found a public CISA repo with 844 MB of secrets, including AWS GovCloud admin keys. The repo sat open for six months.Thu, 21 May 2026 11:15:00 GMTsecuritysecuritycisagithubsupply-chaincredential-theftawsgitguardiangovcloudluca-reinhardtA bad command-line parser turned every claude-cli:// link into a remote shellhttps://devtake.dev/article/claude-code-rce-deeplink-cve/https://devtake.dev/article/claude-code-rce-deeplink-cve/Joernchen of 0day.click found a deeplink RCE in Claude Code. Anthropic shipped the fix in 2.1.118 the same week.Wed, 20 May 2026 09:15:00 GMTsecuritysecurityanthropicclaude-coderceai-securitysupply-chainai-agentsdev-toolsluca-reinhardtTwin contractors deleted 96 federal databases in 56 minutes. One asked an AI how to clear the logs.https://devtake.dev/article/akhter-twins-opexus-database-deletion/https://devtake.dev/article/akhter-twins-opexus-database-deletion/A federal jury convicted Sohaib Akhter on May 7 of wiping 96 government databases at Opexus. His twin Muneeb queried an AI: 'how do I clear system logs from SQL servers.'Fri, 15 May 2026 09:00:00 GMTsecuritysecurityinsider-threatopexuseeoccredential-theftfoiapolicysupply-chainluca-reinhardtF5 patched an 18-year-old NGINX bug. Attackers can RCE a third of the web with one crafted request.https://devtake.dev/article/nginx-rift-18-year-rce/https://devtake.dev/article/nginx-rift-18-year-rce/F5 disclosed CVE-2026-42945 on May 13 after depthfirst's analyzer found a heap overflow in a 2008 commit. NGINX 1.31.0 ships the patch, every Plus tier needs an upgrade.Thu, 14 May 2026 10:30:00 GMTsecuritysecuritynginxf5cve-2026-42945rceheap-overflowdepthfirstai-securityluca-reinhardtA USB stick now opens a BitLocker drive in 60 seconds. The researcher calls it a backdoor.https://devtake.dev/article/yellowkey-bitlocker-zero-day-bypass/https://devtake.dev/article/yellowkey-bitlocker-zero-day-bypass/A pseudonymous researcher dropped two unpatched Windows zero-days on May 12. YellowKey bypasses BitLocker via WinRE; Microsoft has not acknowledged either bug.Thu, 14 May 2026 10:15:00 GMTsecuritysecuritybitlockermicrosoftwindowszero-daywinretpmfull-disk-encryptionluca-reinhardtSix new bugs hit dnsmasq, the DNS daemon in every Linux router. One gives a local attacker root.https://devtake.dev/article/dnsmasq-six-cves-cert/https://devtake.dev/article/dnsmasq-six-cves-cert/CERT VU#471747 lists six dnsmasq CVEs disclosed May 11. The DHCPv6 flaw is local-root code execution. Simon Kelley credits 'a revolution in AI-based security research.'Wed, 13 May 2026 09:45:00 GMTsecuritysecuritydnsmasqdnsdhcpv6cve-2026-2291cve-2026-4892certopenwrtluca-reinhardtTanStack published its npm supply-chain postmortem. The attack chained three GitHub Actions flaws.https://devtake.dev/article/tanstack-npm-supply-chain-postmortem/https://devtake.dev/article/tanstack-npm-supply-chain-postmortem/Attackers compromised 42 TanStack packages through a pull_request_target exploit, cache poisoning, and OIDC token theft. An external researcher caught it in 20 minutes.Tue, 12 May 2026 10:15:00 GMTsecuritysecuritysupply-chainnpmtanstackgithub-actionscredential-theftdev-toolsluca-reinhardtA crafted Ollama model file leaks the whole server's memory. 300,000 instances are exposed.https://devtake.dev/article/ollama-bleeding-llama-cve-2026-7482/https://devtake.dev/article/ollama-bleeding-llama-cve-2026-7482/Cyera disclosed CVE-2026-7482 on May 1, a CVSS 9.1 unauthenticated heap read in Ollama. Three API calls dump prompts, env vars, and API keys from any open instance.Mon, 11 May 2026 10:00:00 GMTsecuritysecurityollamallmcve-2026-7482local-inferencememorycyeraai-securityluca-reinhardtA nine-year-old Linux kernel bug gives root in one command. No patch exists yet.https://devtake.dev/article/linux-dirty-frag-kernel-privilege-escalation/https://devtake.dev/article/linux-dirty-frag-kernel-privilege-escalation/Dirty Frag chains two page-cache flaws in the ESP and RxRPC subsystems into a deterministic privilege escalation that hits every major distro. A PoC exploit is public.Sun, 10 May 2026 10:00:00 GMTsecuritysecuritylinuxkernelcve-2026-43284privilege-escalationzero-daydirty-fragluca-reinhardt380,000 vibe-coded apps are sitting on the open web. 5,000 of them are leaking real data.https://devtake.dev/article/vibe-coded-apps-expose-corporate-data/https://devtake.dev/article/vibe-coded-apps-expose-corporate-data/RedAccess found that AI coding tools like Lovable, Base44, and Replit default to public hosting, leaving medical records, bank internals, and corporate secrets indexed by Google.Sat, 09 May 2026 08:00:00 GMTsecuritysecurityai-securityai-agentsdev-toolssupply-chainprivacycredential-theftluca-reinhardtShinyHunters hit Canvas LMS for the second time. 275 million student records, 9,000 schools.https://devtake.dev/article/instructure-canvas-breach-shinyhunters-275m/https://devtake.dev/article/instructure-canvas-breach-shinyhunters-275m/ShinyHunters breached Canvas LMS again, claiming 275 million records from 9,000 schools. Names, emails, student IDs, and private messages exposed.Fri, 08 May 2026 09:00:00 GMTsecuritysecuritydata-breachinstructurecanvasshinyhunterseducationsupply-chaincredential-theftluca-reinhardtDAEMON Tools shipped a signed backdoor for almost a month. Kaspersky says one school in Russia got the second stage.https://devtake.dev/article/daemon-tools-supply-chain-backdoor/https://devtake.dev/article/daemon-tools-supply-chain-backdoor/Kaspersky pinned a supply-chain attack on the DAEMON Tools installer dating to April 8. Thousands hit globally, dozens upgraded to a QUIC RAT implant via signed binaries.Wed, 06 May 2026 10:15:00 GMTsecuritysecuritysupply-chaindaemon-toolsmalwarekasperskyquic-ratcode-signingwindowsluca-reinhardtMicrosoft Edge keeps every saved password in cleartext memory. Microsoft calls it 'by design'.https://devtake.dev/article/microsoft-edge-cleartext-passwords-memory/https://devtake.dev/article/microsoft-edge-cleartext-passwords-memory/A researcher showed Edge decrypts the entire password vault at launch and leaves it in process memory. Chrome decrypts on demand. Microsoft says it's intentional.Tue, 05 May 2026 08:45:00 GMTsecuritysecuritymicrosoftedgebrowser-securitycredential-theftchromiumpasswordsprivacyluca-reinhardtDenuvo's single-player DRM is fully cracked. 2K is forcing 14-day online check-ins to fight back.https://devtake.dev/article/denuvo-cracked-2k-fourteen-day-online/https://devtake.dev/article/denuvo-cracked-2k-fourteen-day-online/Pirate trackers hit zero uncracked Denuvo titles for the first time in 12 years. 2K's response: a token that expires every fortnight and locks you out offline.Mon, 04 May 2026 10:10:00 GMTgaminggamingdenuvodrm2k-gamesanti-piracysecuritypc-gaminghiro-tanakaFive Eyes intel agencies publish first joint agentic AI security guide. Their advice: slow down.https://devtake.dev/article/five-eyes-agentic-ai-warning/https://devtake.dev/article/five-eyes-agentic-ai-warning/CISA, NSA, GCHQ, ASD, CSE and NCSC-NZ jointly tell organizations agentic AI isn't ready for fast rollout. The 23-page guide names five risk categories.Mon, 04 May 2026 09:50:00 GMTsecuritysecurityai-securityai-agentsagentscisansapolicyregulationluca-reinhardtA DDoS knocked Ubuntu's update servers offline. The Copy Fail patch landed in the same 24-hour window.https://devtake.dev/article/ubuntu-canonical-313-team-ddos-copyfail/https://devtake.dev/article/ubuntu-canonical-313-team-ddos-copyfail/The 313 Team flooded Canonical's infrastructure starting May 1, blocking apt updates and the Ubuntu security API just as admins needed both.Sat, 02 May 2026 09:30:00 GMTsecurityubuntucanonicalddoscopy-failsecuritysupply-chainlinuxluca-reinhardtMini Shai-Hulud hit PyTorch Lightning. The 11.6M-download PyPI package shipped a credential stealer.https://devtake.dev/article/pytorch-lightning-pypi-compromise-mini-shai-hulud/https://devtake.dev/article/pytorch-lightning-pypi-compromise-mini-shai-hulud/Two malicious lightning releases hit PyPI on April 30. The 42-minute window was enough to ship an RSA-encrypted infostealer to ML developers worldwide.Sat, 02 May 2026 09:00:00 GMTsecuritypytorch-lightningpypisupply-chainmini-shai-huludcredential-theftpythonmlsecurityluca-reinhardt70 million domains had a no-password root bypass. cPanel rushed an emergency patch.https://devtake.dev/article/cpanel-whm-auth-bypass-cve-2026-41940/https://devtake.dev/article/cpanel-whm-auth-bypass-cve-2026-41940/cPanel shipped fixes April 28 for a CVSS 9.8 auth bypass that walks attackers into shared-hosting panels with no password. WatchTowr says exploitation started before the patch.Fri, 01 May 2026 11:25:00 GMTsecuritysecuritycpanelweb-hostingcve-2026-41940auth-bypasswatchtowrcredential-theftsupply-chainluca-reinhardt'Copy Fail' lets a 732-byte script grab root on Ubuntu, RHEL, and SUSE. Patched April 29.https://devtake.dev/article/copy-fail-linux-kernel-page-cache-root/https://devtake.dev/article/copy-fail-linux-kernel-page-cache-root/CVE-2026-31431 chains AF_ALG and splice() to write into the page cache of /usr/bin/su. Xint Code disclosed it on April 29, nine years after the bug shipped.Thu, 30 Apr 2026 09:15:00 GMTsecuritysecuritylinuxcve-2026-31431kernelprivilege-escalationsupply-chainubunturhelluca-reinhardtWiz found an RCE in GitHub's git-push pipeline. The patch shipped in six hours.https://devtake.dev/article/github-rce-cve-2026-3854-wiz/https://devtake.dev/article/github-rce-cve-2026-3854-wiz/CVE-2026-3854 is a CVSS 8.7 RCE in GitHub's git-push pipeline. github.com fixed it within hours. 88% of Enterprise Server installs were still vulnerable at disclosure.Wed, 29 Apr 2026 09:05:00 GMTsecuritygithubsecuritycve-2026-3854rcesupply-chainwizgithub-actionsdev-toolsluca-reinhardtAnother npm worm: CanisterWorm hits 16 Namastex packages and reaches PyPI on the same hophttps://devtake.dev/article/canisterworm-namastex-npm-pypi-supply-chain/https://devtake.dev/article/canisterworm-namastex-npm-pypi-supply-chain/Socket flagged a self-propagating worm in @automagik/genie, pgserve, and 14 sibling Namastex Labs packages. It steals 40 credential categories and republishes itself.Tue, 28 Apr 2026 16:30:00 GMTsecuritynpmsupply-chaincanisterwormsecuritynamastexteampcppypicredential-theftluca-reinhardtAdobe's Acrobat zero-day sat on VirusTotal for 136 days. Patch is APSB26-43.https://devtake.dev/article/adobe-acrobat-reader-cve-2026-34621/https://devtake.dev/article/adobe-acrobat-reader-cve-2026-34621/CVE-2026-34621 is an actively exploited Acrobat and Reader bug that runs attacker JavaScript inside the PDF runtime. The first sample hit VirusTotal in November and went unflagged.Tue, 28 Apr 2026 15:30:00 GMTsecurityadobeacrobatcve-2026-34621securityzero-dayvirustotalexpmonpdfluca-reinhardtToronto Police arrest three behind 'SMS blasters'. Phones lost 911 access for seconds at a time.https://devtake.dev/article/sms-blasters-canada-project-lighthouse/https://devtake.dev/article/sms-blasters-canada-project-lighthouse/Project Lighthouse logged 13 million cellular disruptions from car-mounted IMSI catchers spoofing legitimate towers. Three men face 44 charges in Canada's first SMS-blaster bust.Mon, 27 Apr 2026 21:00:00 GMTsecuritysecuritysmishingsms-blasterimsi-catcherfake-cell-towerscanadacybercrimetoronto-policeluca-reinhardtMicrosoft April 2026 Patch Tuesday: 167 fixes, two zero-days, and a SharePoint bug already in CISA's KEVhttps://devtake.dev/article/microsoft-patch-tuesday-april-2026-sharepoint/https://devtake.dev/article/microsoft-patch-tuesday-april-2026-sharepoint/Microsoft's April 8 Patch Tuesday closes 167 CVEs. CVE-2026-32201 in SharePoint is being exploited and CISA added it the same day. Here's what to patch first.Mon, 27 Apr 2026 15:00:00 GMTsecuritymicrosoftpatch-tuesdaycve-2026-32201sharepointdefenderzero-daysecuritycisa-kevluca-reinhardtGnuPG 2.5.19 lands ML-KEM in mainline. Post-quantum OpenPGP is no longer a side branch.https://devtake.dev/article/gnupg-post-quantum-mainline/https://devtake.dev/article/gnupg-post-quantum-mainline/Werner Koch shipped GnuPG 2.5.19 on April 24 with FIPS-203 ML-KEM, the first stable post-quantum encryption algorithm in OpenPGP. Here's what changed and what didn't.Sun, 26 Apr 2026 11:00:00 GMTsecuritygnupgopenpgppost-quantumml-kemcryptographysecuritykyberencryptionluca-reinhardtA Discord group guessed Anthropic's URL pattern and walked into Claude Mythoshttps://devtake.dev/article/anthropic-mythos-breach-discord/https://devtake.dev/article/anthropic-mythos-breach-discord/Bloomberg reports a small group accessed Anthropic's locked-down Mythos model the same day it launched, using credentials from a third-party contractor and educated URL guessing.Sat, 25 Apr 2026 11:00:00 GMTaianthropicclaude-mythosai-securitysupply-chainproject-glasswingmercorsecuritydieter-morelliLinux 7.1 is yanking ham radio, ISDN, and ATM. The reason: AI bug-report spam.https://devtake.dev/article/linux-7-1-ham-radio-isdn-removal/https://devtake.dev/article/linux-7-1-ham-radio-isdn-removal/Jakub Kicinski's networking pull request removes 138,161 lines of decades-old code. Kernel maintainers say LLM-generated bug reports made the old subsystems un-maintainable.Fri, 24 Apr 2026 21:00:00 GMTopen-sourcelinuxlinux-kernellinux-7-1kernelai-securitynetworkingopen-sourcesecuritysoren-vanekMozilla fixed 271 Firefox bugs that Claude Mythos found. Its own tests caught 22.https://devtake.dev/article/mozilla-firefox-mythos-bug-hunt/https://devtake.dev/article/mozilla-firefox-mythos-bug-hunt/Firefox 150 shipped Monday with 271 security fixes from Anthropic's Project Glasswing. Mozilla CTO Bobby Holley says Mythos matches elite human researchers.Wed, 22 Apr 2026 13:00:00 GMTopen-sourcemozillafirefoxanthropicclaude-mythosproject-glasswingsecurityai-securitysoren-vanekGoogle just moved 'Q-Day' to 2029. Here's what that changes for your crypto stackhttps://devtake.dev/article/google-q-day-2029-post-quantum-deadline/https://devtake.dev/article/google-q-day-2029-post-quantum-deadline/Google's security team says cryptographically-relevant quantum computers could arrive by 2029, six years before the NSA's 2031 deadline. What to migrate, and in what order.Wed, 15 Apr 2026 17:00:00 GMTwebquantum-computingcryptographypost-quantumgooglesecuritytlsluca-reinhardt