Posts

The Hacker News - New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026
from The Hacker News https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html

The Hacker News - Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store," the Chrome Secure Web and Networking Team said. "
from The Hacker News https://thehackernews.com/2026/03/google-develops-merkle-tree.html

When the Pentagon Breaks Its Own Deal: The Anthropic AI Showdown Explained

Last updated: March 2, 2026

In late February 2026, the relationship between AI company Anthropic and the U.S. Department of Defense collapsed in dramatic fashion, resulting in President Trump banning all federal agencies from using Anthropic's products and the Pentagon designating the company a "supply chain risk" — a label normally reserved for foreign adversaries. It was the first time this designation had ever been applied to an American company. Here's how it happened and why it matters.

KnowBe4 - The Case for Behavioral AI in Legal Email Security

For legal organizations, the integrity of communication isn't just a business requirement, it’s a foundational pillar of the profession. Whether it’s a sensitive case strategy, a confidential merger agreement, or personal client data, the information contained within firm emails represents an immense amount of trust and significant liability.
from Human Risk Management Blog https://blog.knowbe4.com/the-case-for-behavioral-ai-in-legal-email-security

The Hacker News - How to Protect Your SaaS from Bot Attacks with SafeLine WAF

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated requests from strange user agents. If
from The Hacker News https://thehackernews.com/2026/03/how-to-protect-your-saas-from-bot.html

Schneier - LLM-Assisted Deanonymization

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision and scales to tens of thousands of candidates. While it has been known that individuals can be uniquely identified by surprisingly few attributes, this was often practically limited. Data is often only available in unstructured form and deanonymization used to require human investigators to search and reason based on clues. We show that from a handful of comments, LLMs can infer where you live, what you do, and your interests—then search for you on the web. In our new research, we show that this is not only possible but increasingly practical.
from Schneier on Security https://www.schneier.com/blog/archives/2026/03/llm-assisted-deanonymization.html

The Hacker News - APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday

A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat actor known as APT28, according to new findings from Akamai. The vulnerability in question is CVE-2026-21513 (CVSS score: 8.8), a high-severity security feature bypass affecting the MSHTML Framework. "Protection mechanism failure in MSHTML Framework allows an unauthorized
from The Hacker News https://thehackernews.com/2026/03/apt28-tied-to-cve-2026-21513-mshtml-0.html