Chrome Is Thinking Quantum - Threat Wire

This week’s cyber security news roundup, hosted by Alli Diamond on ThreatWire, highlights significant advancements in quantum-resistant encryption, recent malware incidents, and new AI-driven security tools. A major focus of the report is Google Chrome’s proactive shift toward quantum computing security. The Chrome team is developing a new generation of HTTP certificates based on Merkel tree structures. This initiative aims to solve the performance and bandwidth issues caused by the larger data sizes typical of quantum-resistant cryptography in TLS connections. Google has outlined a three-phase plan concluding in early 2028. Currently, in phase one, they are collaborating with Cloudflare to evaluate performance. Subsequent phases will involve working with certificate transparency log operators and eventually onboarding certificate authorities into a new quantum-resistant root store. In recent threat news, a "vandalizing worm" recently targeted Wikipedia. Although the malicious script was first uploaded to Russian Wikipedia in March 2024, it was not executed until March 5, 2026. The worm functioned by injecting malicious JavaScript loaders into users' "common.js" files, allowing it to modify approximately 4,000 pages. The Wikipedia Foundation responded quickly, restricting editing and rolling back changes within a 23-minute window. They confirmed that no personal information was breached and no permanent damage was sustained. The AI security landscape is also evolving rapidly. OpenAI has officially released "Codec Security," a tool previously known as Ardvark. Now available in research preview for Pro, Enterprise, and Education users, Codec Security generates editable threat models and provides project-level context to identify vulnerabilities and suggest fixes. During a 30-day trial period, the tool scanned over 1.2 million code commits, identifying 792 critical and over 10,000 high-severity findings across various projects and open-source repositories. The roundup also touched on the growing importance of mobile security. Motorola’s upcoming support for GrapheneOS has generated significant interest, as it provides an affordable, highly secure mobile option for high-risk individuals and younger generations who rely primarily on smartphones rather than laptops. Finally, the report noted two emerging concerns: research from ETH Zurich and Anthropic shows that Large Language Models are becoming increasingly adept at deanonymizing online users through pattern recognition. Additionally, attackers are now using the ".arpa" domain and IPv6 reverse DNS to bypass email security gateways and domain reputation checks in sophisticated phishing campaigns.