Newsroom
We write about what is happening in post-quantum security, communications infrastructure, and the widening gap between the threats organizations face and the tools available to meet them. We write from the inside of the problem — because we built the answer.
Analysis
The European Commission ordered senior officials to stop using Signal after Russian-linked phishing attacks targeted their accounts. Twelve months after the US Signalgate scandal exposed classified military plans shared on the same app, the pattern is unmistakable: consumer encrypted messaging was never designed to be government communications infrastructure.
Read MoreThreat Intelligence
An Iran-linked hacking group breached FBI Director Kash Patel's personal email and published years of private correspondence. The incident exposes the structural vulnerability every senior official shares: personal communications that can be weaponized for blackmail, manipulation, or coercion live in infrastructure nobody is protecting.
Read MoreRegulatory
Canada's landmark cybersecurity legislation creates enforceable obligations for critical infrastructure operators — including requirements to secure communications systems and manage third-party risk. For organizations whose most sensitive conversations travel through foreign-jurisdiction platforms, the compliance question is also a sovereignty question.
Read MoreThreat Intelligence
Nation-state actors are not waiting for quantum computers to become publicly available. They are collecting your encrypted traffic today, storing it against a future decryption capability. This is not a theoretical future threat. It is an active, documented collection program. Here is what you need to understand about the timeline, the actors, and what it means for communications you are sending right now.
Read MoreRegulatory
In August 2024, NIST finalized the first post-quantum cryptographic standards — FIPS 203, FIPS 204, and FIPS 205. For government agencies, defense contractors, and any organization subject to federal procurement requirements, this is not guidance. Migration timelines are being set now. The organizations that begin transition today will be compliant when mandate arrives.
Read MoreInfrastructure
Every communication your organization sends travels through infrastructure operated by someone else. A carrier. A cloud provider. A SaaS platform's data center. In most cases, multiple of these simultaneously. The question of who has custodial access to that traffic, in what jurisdiction, under what legal framework, is the central communications security question of our era.
Read MoreAnalysis
Signal is a well-engineered consumer application. Its encryption is legitimate. Its open-source protocol has been peer-reviewed. But the threat model facing a government agency, a defense contractor, or a major legal institution is categorically different from what Signal was built to address. Here is exactly where the gap is — and why it matters for your organization specifically.
Read MoreQuantum Timeline
Debates about when quantum computers will break RSA-2048 miss the point entirely. Nation-state adversaries operating classified quantum programs are under no obligation to make public announcements. The question for your organization is how long your most sensitive data needs to remain confidential — and what is being collected against that timeline right now.
Read MoreSupply Chain
SolarWinds. XZ Utils. 3CX. The pattern is consistent: sophisticated attackers compromise the software you trust because it is more efficient than compromising your network. The 3CX attack targeted a communications platform specifically — providing access to the conversations of its users. When the tool is the weapon, your perimeter is irrelevant.
Read MoreRegister to receive dispatches when new analysis is published.