• Hardened Serialization::Load against hostile input by bounding deserialized KSwitchKeys/GaloisKeys/RelinKeys dimensions and rejecting a SEALHeader whose size exceeds the available input, including on non-seekable streams.
• Hardened loading of zlib/zstd-compressed objects against decompression bombs by inflating on demand.
• Fixed the Windows RtlGenRandom fallback to fill the entire requested buffer and to cast its length safely to ULONG.
• Noted in SECURITY.md that Decryptor::invariant_noise_budget can leak the secret key on attacker-chosen ciphertexts.
• Documented in Evaluator (C++ and .NET) the NTT-domain multiply_plain accumulation pattern for repeated plaintext-ciphertext products (issue #744).