Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...
Dark Reading

Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted

Victims hit with the emerging Sicarii ransomware should never opt to pay up: the decryption process doesn't work, likely a result of an unskilled cybercriminal using vibe-coding to create it.
Ars Technica

How to encrypt your PC’s disk without giving the keys to Microsoft

In early 2025, Forbes reports, investigators at the FBI served Microsoft with a warrant seeking the BitLocker encryption recovery keys for several laptops it believed held evidence of fraud in Guam’s ...
The Verge

Microsoft handed the government encryption keys for customer data

Privacy advocates are worried about the precedent this sets and the potential for abuse. Privacy advocates are worried about the precedent this sets and the potential ...