Skip to content
Security

Apple Publishes Formal Verification Blueprint for Quantum-Secure corecrypto

tldr / infosec 20h ago 8

Apple has released its implementations of post-quantum ML-KEM and ML-DSA algorithms in corecrypto alongside the mathematical proofs used to formally verify their correctness against FIPS 203 and FIPS 204. The company also published its custom formal verification libraries and tools, which it used to achieve the strongest known correctness guarantees for a widely deployed production cryptographic library. The work aims to prevent subtle bugs in quantum-secure cryptography across over 2.5 billion active devices, building on techniques previously used for Apple silicon hardware verification.

Read full article →

More Security

Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations

tldr / ai 20h ago 9

Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.

GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines

theregister / security 6h ago 9

GitHub disabled 70+ Microsoft repos in under two minutes after the Miasma worm infected projects via compromised commits, breaking CI/CD pipelines and triggering RCE in developer tools.

Ubiquiti Patches Critical UniFi OS Flaws Enabling Unauthenticated Root RCE

tldr / infosec 20h ago 9

Ubiquiti patched three critical UniFi OS flaws that chain into unauthenticated root RCE with CVSS 10.0 scores, requiring immediate patching and full credential rotation.