Topic digest

Encryption news and engineering summaries

Discover encryption technologies covering cryptography, security protocols, and data protection. Our digest summarizes end-to-end encryption, PKI implementations, and key management from developer communities.

92 recent stories

Latest ranked stories

Current Encryption stories

These stories are ranked from recent public source activity and shown as a preview of what a configured digest can deliver.

Notepad++ hijacked by state-sponsored actors
01Monday, February 2, 2026

Notepad++ hijacked by state-sponsored actors

A significant cybersecurity incident targeting Notepad++ has been disclosed, revealing a prolonged hijacking attempt by suspected Chinese state-sponsored hackers. Between June and December 2025, attackers compromised the application's shared hosting infrastructure to intercept and redirect update traffic. This allowed for the distribution of malicious update manifests to selective users by exploiting insufficient update verification controls in older versions of the software. Although the hosting provider implemented remediation steps by December 2, 2025, Notepad++ has since migrated to a more secure hosting environment. To prevent future incidents, the WinGup updater was enhanced in v8.8.9 to verify digital certificates and signatures. Furthermore, the upcoming v8.9.2 release will enforce XMLDSig verification for update manifests, ensuring the integrity of the update process through multiple layers of authentication and cryptographic validation.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Chatto is now Open Source
02Wednesday, July 8, 2026

Chatto is now Open Source

Chatto, a lightweight and privacy-focused group chat application, is now officially open source. Designed for easy self-hosting on Linux, macOS, and Windows, it features end-to-end encrypted messaging, voice, and video calls. The project includes a forthcoming managed hosting service, Chatto Cloud, while ensuring full data portability and compatibility between self-hosted and managed instances.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News1004 pts
Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops
03Friday, January 23, 2026

Microsoft gave FBI set of BitLocker encryption keys to unlock suspects' laptops

Microsoft reportedly provided the FBI with BitLocker recovery keys for three laptops during a federal fraud investigation in Guam. Although BitLocker is designed for full-disk encryption, its default settings upload recovery keys to Microsoft's cloud infrastructure. This configuration allows the company to comply with law enforcement warrants, essentially bypassing the privacy protections expected from encryption. Cryptography experts like Matthew Green have criticized this practice, noting that it creates significant security risks if Microsoft's cloud is compromised by hackers. While law enforcement still requires physical access to devices, the centralized storage of these keys makes Microsoft an outlier in the tech industry regarding user privacy and modern data security standards.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News904 pts
Discord/Twitch/Snapchat age verification bypass
04Wednesday, February 11, 2026

Discord/Twitch/Snapchat age verification bypass

Security researchers xyzeva and Dziurwa developed an open-source bypass for Discord's k-id age verification system. By reverse-engineering the AES-GCM encryption and replicating face-prediction metadata, the script tricks the FaceAssure API into verifying users as adults globally without requiring a real face scan, exploiting a lack of server-side validation for encrypted biometric data.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News823 pts
BirdyChat becomes first European chat app that is interoperable with WhatsApp
05Wednesday, January 21, 2026

BirdyChat becomes first European chat app that is interoperable with WhatsApp

BirdyChat has achieved a significant milestone by becoming the first European chat app to enable interoperability with WhatsApp, leveraging the mandates of the Digital Markets Act (DMA). This integration allows users in the European Economic Area (EEA) to send messages, photos, and files to WhatsApp users directly from BirdyChat using only a phone number. The feature preserves end-to-end encryption while simplifying work communication by allowing professionals to use their work email as an identity instead of a personal phone number. This development aims to bridge the gap between platform ecosystems, allowing for the organization of work conversations in BirdyChat without forcing external contacts to switch applications. Group chat support is planned for future updates as the rollout continues across the EEA.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News660 pts
Security researcher says Microsoft built a Bitlocker backdoor, releases exploit
06Thursday, May 14, 2026

Security researcher says Microsoft built a Bitlocker backdoor, releases exploit

Researcher Nightmare-Eclipse identified YellowKey, a vulnerability enabling full-volume BitLocker bypass via Windows Recovery Environment. The exploit allegedly suggests an intentional backdoor, affecting Windows 11 and Server editions. Security experts recommend diversifying encryption strategies and considering alternatives like VeraCrypt while awaiting official Microsoft patches.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

MS confirms it will give the FBI your Windows PC data encryption key if asked
07Saturday, January 24, 2026

MS confirms it will give the FBI your Windows PC data encryption key if asked

Microsoft has confirmed that it will provide the FBI with BitLocker data encryption keys upon receiving valid legal orders. This policy is primarily facilitated by the Windows 11 requirement for a Microsoft Account, which automatically backs up encryption keys to the cloud by default. While this feature is designed for user convenience in data recovery scenarios, it creates significant privacy concerns as the keys are stored in an accessible state rather than using zero-knowledge encryption. Unlike competitors like Apple or Meta, Microsoft’s current architectural choice allows the company to comply with law enforcement requests to decrypt user devices, highlighting a critical trade-off between accessibility and security.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

The Day the Telnet Died
08Tuesday, February 10, 2026

The Day the Telnet Died

In January 2026, GreyNoise analysts observed a sudden and dramatic 65% drop in global Telnet traffic within a single hour, which eventually settled at an 83% reduction from the baseline. This structural shift preceded the public disclosure of CVE-2026-24061, a critical authentication bypass vulnerability in GNU Inetutils telnetd that allows unauthenticated root access via a simple argument injection. The data suggests that major Tier 1 transit providers likely implemented port 23 filtering on backbone infrastructure in anticipation of the vulnerability's disclosure. This proactive infrastructure-level response significantly impacted residential and enterprise ISPs while leaving major cloud providers with direct peering largely unaffected. The incident highlights a potential shift in how global network operators coordinate to mitigate high-impact security risks at the routing level before they can be exploited at scale.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

FBI couldn't get into WaPo reporter's iPhone because Lockdown Mode enabled
09Wednesday, February 4, 2026

FBI couldn't get into WaPo reporter's iPhone because Lockdown Mode enabled

A recent FBI court filing has highlighted the effectiveness of Apple's Lockdown Mode, a security feature that successfully prevented federal investigators from extracting data from a Washington Post reporter's iPhone. During an investigation into classified leaks, the FBI's Computer Analysis Response Team (CART) found that the iPhone 13 belonging to Hannah Natanson was inaccessible due to this hardened security state. While the FBI was able to access her Macbook Pro using Touch ID, the iPhone remained protected. Lockdown Mode is designed to mitigate sophisticated spyware by limiting message attachments, web functionality, and physical accessory connections. This case demonstrates that the feature is also a formidable barrier against physical forensic tools like Graykey and Cellebrite, which require an unlocked connection to exploit system vulnerabilities. The incident underscores the ongoing technical struggle between consumer electronics companies and law enforcement agencies seeking digital access.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News492 pts
German implementation of eIDAS will require an Apple/Google account to function
10Saturday, April 4, 2026

German implementation of eIDAS will require an Apple/Google account to function

The Wallet Unit ensures secure authentication by binding hardware-backed keys to identification. To mitigate risks from vulnerabilities in mobile device operating systems and keystores, a Mobile Device Vulnerability Management (MDVM) system is proposed. It utilizes platform-specific signals, such as KeyAttestation and PlayIntegrity, along with RASP tools to continuously monitor device integrity and prevent the use of compromised environments.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News491 pts
Chrome extensions spying on 37M users' browsing data
11Sunday, February 8, 2026

Chrome extensions spying on 37M users' browsing data

Researchers identified 287 Chrome extensions spying on approximately 37.4 million users. Using an automated Docker-based scanning pipeline, they found extensions from actors like Similarweb and Big Star Labs exfiltrating browsing history via obfuscated and encrypted requests. This widespread data harvesting poses significant risks for corporate espionage and credential harvesting.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News416 pts
A Supabase misconfiguration exposed every API key on Moltbook's 770K-agent platform. Two SQL statements would have prevented it
12Monday, February 2, 2026

A Supabase misconfiguration exposed every API key on Moltbook's 770K-agent platform. Two SQL statements would have prevented it

Moltbook, a viral social network for AI agents built on the OpenClaw framework, has quickly transitioned from a curious experiment to a significant security threat. With over 770,000 agents active, the platform recently suffered a massive database breach allowing unauthorized hijacked control over agent identities and shell access to host machines. Researchers have identified critical vulnerabilities including unauthenticated shell command execution, improper input sanitization, and over-privileged system access. Many instances are currently exposed via Shodan, leading to the exfiltration of sensitive API keys and session tokens. The incident highlights the dangers of prompt injection at scale and the inherent risks of autonomous agents running without robust sandboxing or encryption in personal and enterprise environments.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Reddit414 pts
The RCE that AMD won't fix
13Thursday, February 5, 2026

The RCE that AMD won't fix

A critical Remote Code Execution (RCE) vulnerability was discovered in AMD AutoUpdate software after a user investigated persistent console pop-ups on a new gaming PC. Upon decompiling the application, the researcher found that while the update manifesto is fetched via HTTPS, the actual executable download URLs within that manifest reside on insecure HTTP connections. This architectural flaw allows for Man-In-The-Middle (MITM) attacks where an attacker could replace legitimate updates with malicious binaries. Crucially, the software lacks certificate validation or digital signature checks, executing any downloaded file immediately. Despite the severity, AMD classified the report as 'out of scope,' prompting the researcher to disclose the findings publicly to warn users about the potential security risks associated with the unpatched software.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Hacking Moltbook
14Monday, February 2, 2026

Hacking Moltbook

Moltbook, a social platform intended exclusively for AI agents, recently faced a significant security breach that exposed its production database. Billed as the front page of the agent internet, the platform attracted attention from the tech community for its vibe-coded architecture. However, researchers discovered an exposed Supabase API key that granted unauthenticated access to the entire database due to missing Row Level Security (RLS). The leak included 1.5 million API tokens, 35,000 email addresses, and private messages containing third-party credentials like OpenAI keys. Analysis revealed that the platform's high agent count was largely inflated by a small number of human users. This incident highlights the critical security risks associated with rapid, AI-driven development where secure defaults and manual reviews are often overlooked in favor of deployment speed.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

AI Agent Hacks McKinsey
15Monday, March 9, 2026

AI Agent Hacks McKinsey

An autonomous offensive AI agent compromised McKinsey & Company's internal AI platform, Lilli, via an unauthenticated SQL injection. The breach exposed 46.5 million chat messages, 728,000 sensitive documents, and internal system prompts. This incident underscores shifting threat landscapes where AI agents can autonomously identify and exploit critical vulnerabilities in high-value corporate infrastructure.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News393 pts
One million passports leaked online
16Sunday, June 28, 2026

One million passports leaked online

Security researcher Sammy Azdoufal discovered nearly one million private IDs, including passports and licenses, unprotected on the public internet via the PuffPal app developed by Cannabis Club Systems. The company failed to implement basic security, allowing unauthorized access to personal data. Nefos Solutions is now addressing the breach following reports and regulatory scrutiny.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News371 pts
New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises
17Thursday, February 26, 2026

New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises

New research introduces AirSnitch, a series of attacks revealing that low-level networking behaviors can bypass Wi-Fi encryption and client isolation. Despite decades of security improvements, these vulnerabilities affect numerous routers from major brands like Cisco, Ubiquiti, and Netgear, potentially allowing unauthorized communication and data exposure between connected clients.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News369 pts
Cloudflare targets 2029 for full post-quantum security
18Tuesday, April 7, 2026

Cloudflare targets 2029 for full post-quantum security

Cloudflare has moved its post-quantum (PQ) security deadline up to 2029 due to rapid advancements in quantum hardware, error correction, and algorithms. The focus has shifted from mitigating decryption threats to securing authentication, as broken keys pose catastrophic risks. Organizations are urged to prioritize long-term key rotation and assess third-party dependencies immediately.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News368 pts
Email obfuscation: What works in 2026?
19Thursday, April 2, 2026

Email obfuscation: What works in 2026?

Obfuscating email addresses protects them from automated spam harvesters. While no method is perfect, using techniques like JavaScript conversion, AES encryption, CSS 'display: none', or user interaction events effectively deters most unsophisticated bots. Conversely, simple methods like plain text, HTML comments, or basic encoding offer minimal protection but remain surprisingly common in practice.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

How Shamir's Secret Sharing Works
20Monday, May 25, 2026

How Shamir's Secret Sharing Works

Adi Shamir's secret sharing scheme splits data into shares using polynomial interpolation. With a (k,n) scheme, any k shares reconstruct a secret, while fewer reveal nothing. Using lines, parabolas, or higher-degree polynomials, this method ensures security and redundancy, as seen in systems like Ente's Legacy Kit where it provides robust, secure account recovery.

Summaries are AI-generated to help you scan faster. Open the original source for full context.

Sources:Hacker News349 pts

Get a Encryption digest by email

Create a Snapbyte.dev digest and choose Encryption as one of your topics.

Snapbyte workflow

Build a digest around your developer updates

Choose topics, sources, language, schedule, and timezone. Snapbyte turns that setup into a focused digest with summaries and original links.