diff --git a/.env b/.env
index bff3867ad..a10eb0880 100644
--- a/.env
+++ b/.env
@@ -12,7 +12,7 @@ export DOCKER_IMAGES_TAG=latest
 # ********************
 # DOCKER IMAGES BUILD INFO
 # ********************
-RUST_IMAGE_VERSION='1.93.0'
+RUST_IMAGE_VERSION='1.94.0'
 LTO_RELEASE=release-lto-off
 AWS_ACCESS_KEY_ID='' # will be set in entrypoint script
 AWS_SECRET_ACCESS_KEY='' # will be set in entrypoint script
diff --git a/.github/workflows/docker-check-build.yml b/.github/workflows/docker-check-build.yml
index ef5514a09..2e8084f3e 100644
--- a/.github/workflows/docker-check-build.yml
+++ b/.github/workflows/docker-check-build.yml
@@ -81,7 +81,7 @@ jobs:
             base:latest
 
       - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           image-ref: base:latest
           format: 'table'
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
index 3ffffcecc..5a5951e36 100644
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
@@ -102,7 +102,7 @@ jobs:
             base:latest
 
       - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # v0.34.0
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           image-ref: base:latest
           format: 'table'
diff --git a/Cargo.lock b/Cargo.lock
index 7a71577c7..8255a77f4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -7515,9 +7515,9 @@ dependencies = [
 
 [[package]]
 name = "tfhe"
-version = "1.5.1"
+version = "1.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fea64405f4e7bce2cea50c3638a32086bc0e22e039bb7bc054389e6633754b3"
+checksum = "0473cd821b042252c885bfc016548a928fd88f801e3b0d57b2a9c4a6ee39c7a4"
 dependencies = [
  "aligned-vec",
  "bincode 1.3.3",
diff --git a/Cargo.toml b/Cargo.toml
index 523edf5f2..2518cc026 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -180,7 +180,7 @@ syn = { version = "2.0", features = ["full"] }  # Syn macro parsing - MEDIUM RIS
 sysinfo = "0.36.1"  # System information gathering - MEDIUM RISK: Reputable individual maintainer (GuillaumeGomez), 71M+ downloads
 tempfile = "=3.20.0"  # Temporary file handling - MEDIUM RISK: Individual maintainers (Stebalien, KodrAus), 345M+ downloads, test-only dependency
 test-context = "=0.4.1"  # Test context utilities - MEDIUM RISK: Individual maintainers (markhildreth, JasperV), test-only dependency
-tfhe = "=1.5.1"  # Fully Homomorphic Encryption library - LOW RISK: Zama
+tfhe = "=1.5.3"  # Fully Homomorphic Encryption library - LOW RISK: Zama
 tfhe-csprng = "=0.8.0"  # Cryptographically secure PRNG for TFHE - LOW RISK: Zama
 tfhe-versionable = "=0.7.0"  # TFHE versioning support - LOW RISK: Zama
 tfhe-zk-pok = "=0.8.0"  # Zero-knowledge proofs for TFHE - LOW RISK: Zama
diff --git a/backward-compatibility/generate-v0.13.10/Cargo.toml b/backward-compatibility/generate-v0.13.10/Cargo.toml
index 377de57e5..d799c8314 100644
--- a/backward-compatibility/generate-v0.13.10/Cargo.toml
+++ b/backward-compatibility/generate-v0.13.10/Cargo.toml
@@ -30,7 +30,7 @@ threshold_fhe_0_13_10 = { git = "https://github.com/zama-ai/kms.git", package =
 # modules as much as possible to avoid serialization differences
 cfg-if_1_0_4 = { package = "cfg-if", version = "=1.0.4" }
 tfhe_versionable_0_7 = { package = "tfhe-versionable", version = "=0.7.0" }
-tfhe_1_5_1 = { package = "tfhe", version = "1.5.1", features = [
+tfhe_1_5_3 = { package = "tfhe", version = "1.5.3", features = [
     "shortint",
 ] }
 alloy-sol-types-1_4_1 = { package = "alloy-sol-types", version = "=1.4.1" }
diff --git a/ci/scripts/README.md b/ci/scripts/README.md
index c257b1dcb..c1bf42fe3 100644
--- a/ci/scripts/README.md
+++ b/ci/scripts/README.md
@@ -64,7 +64,7 @@ For local development with Kind:
 ./deploy.sh --target kind-local --build
 
 # Use specific Rust version
-RUST_IMAGE_VERSION=1.92 ./deploy.sh --target kind-local --build
+RUST_IMAGE_VERSION=1.94 ./deploy.sh --target kind-local --build
 ```
 
 The build process will:
diff --git a/ci/scripts/deploy.sh b/ci/scripts/deploy.sh
index 6f7b1579f..c8191449b 100755
--- a/ci/scripts/deploy.sh
+++ b/ci/scripts/deploy.sh
@@ -46,7 +46,7 @@ PATH_SUFFIX="${PATH_SUFFIX:-kms-ci}"
 TLS="${TLS:-false}"
 
 # Build defaults (for local image building)
-RUST_IMAGE_VERSION="${RUST_IMAGE_VERSION:-1.92}"
+RUST_IMAGE_VERSION="${RUST_IMAGE_VERSION:-1.94}"
 
 # AWS/Tailscale Defaults
 TAILSCALE_HOSTNAME="tailscale-operator-zws-dev.diplodocus-boa.ts.net"
diff --git a/ci/scripts/lib/utils.sh b/ci/scripts/lib/utils.sh
index eea691ec8..f97cbd15c 100755
--- a/ci/scripts/lib/utils.sh
+++ b/ci/scripts/lib/utils.sh
@@ -15,7 +15,7 @@ build_container() {
     log_info "========================================="
 
     # Use RUST_IMAGE_VERSION from environment or default
-    local RUST_IMAGE_VERSION="${RUST_IMAGE_VERSION:-1.92}"
+    local RUST_IMAGE_VERSION="${RUST_IMAGE_VERSION:-1.94}"
 
     #-------------------------------------------------------------------------
     # Build and load core-service
diff --git a/core/threshold/Cargo.toml b/core/threshold/Cargo.toml
index fd2e7454a..afa71a1aa 100644
--- a/core/threshold/Cargo.toml
+++ b/core/threshold/Cargo.toml
@@ -143,7 +143,7 @@ required-features = ["testing", "extension_degree_8"]
 [[bench]]
 name = "decoding"
 harness = false
-required-features = ["experimental", "extenson_degree_8"]
+required-features = ["experimental", "extension_degree_8"]
 
 [[bench]]
 name = "algebra"
diff --git a/core/threshold/docker/local.dockerfile b/core/threshold/docker/local.dockerfile
index 39d38fc1a..7307d038d 100644
--- a/core/threshold/docker/local.dockerfile
+++ b/core/threshold/docker/local.dockerfile
@@ -18,9 +18,9 @@ RUN cargo install --locked --path core/threshold --root . --bins --no-default-fe
 
 
 # Go tooling stage - only for grpc-health-probe
-FROM cgr.dev/zama.ai/golang:1.25.4 AS go-builder
+FROM cgr.dev/zama.ai/golang:1.25 AS go-builder
 
-ARG GRPC_HEALTH_PROBE_VERSION=v0.4.42
+ARG GRPC_HEALTH_PROBE_VERSION=v0.4.46
 
 RUN git clone https://github.com/grpc-ecosystem/grpc-health-probe && \
     cd grpc-health-probe && \
diff --git a/core/threshold/src/choreography/grpc.rs b/core/threshold/src/choreography/grpc.rs
index 4a6ddccda..53488b107 100644
--- a/core/threshold/src/choreography/grpc.rs
+++ b/core/threshold/src/choreography/grpc.rs
@@ -466,10 +466,10 @@ where
             .pop()
             .map_or_else(
                 || {
-                    Err(tonic::Status::new(
+                    Err(Box::new(tonic::Status::new(
                         tonic::Code::Aborted,
                         format!("Failed to create session for {request_sid:?}"),
-                    ))
+                    )))
                 },
                 Ok,
             )?)
diff --git a/core/threshold/src/experimental/choreography/grpc.rs b/core/threshold/src/experimental/choreography/grpc.rs
index f84e568c2..7ec51be93 100644
--- a/core/threshold/src/experimental/choreography/grpc.rs
+++ b/core/threshold/src/experimental/choreography/grpc.rs
@@ -180,10 +180,10 @@ impl ExperimentalGrpcChoreography {
             .pop()
             .map_or_else(
                 || {
-                    Err(tonic::Status::new(
+                    Err(Box::new(tonic::Status::new(
                         tonic::Code::Aborted,
                         format!("Failed to create session for {request_sid:?}"),
-                    ))
+                    )))
                 },
                 Ok,
             )?)
diff --git a/docker/core/service/Dockerfile b/docker/core/service/Dockerfile
index d9f24ba6d..18badeea7 100644
--- a/docker/core/service/Dockerfile
+++ b/docker/core/service/Dockerfile
@@ -38,7 +38,7 @@ RUN --mount=type=cache,target=/root/.cargo/registry,sharing=locked \
     ./core/service/bin
 
 
-ARG YQ_VERSION=v4.50.1
+ARG YQ_VERSION=v4.52.4
 # Overridable arg to allow building for different architectures
 ARG TARGETARCH=amd64
 RUN wget -qO/usr/bin/yq https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${TARGETARCH} && \
@@ -92,7 +92,7 @@ CMD ["/bin/bash", "/app/kms/core/service/bin/init_enclave.sh"]
 # Build the grpc-health-probe binary for development
 FROM cgr.dev/zama.ai/golang:1.25 AS go-builder
 
-ARG GRPC_HEALTH_PROBE_VERSION=v0.4.42
+ARG GRPC_HEALTH_PROBE_VERSION=v0.4.46
 
 RUN git clone https://github.com/grpc-ecosystem/grpc-health-probe && \
     cd grpc-health-probe && \
diff --git a/docker/core/service/local.dockerfile b/docker/core/service/local.dockerfile
index 65b96cbd4..cd6ff504d 100644
--- a/docker/core/service/local.dockerfile
+++ b/docker/core/service/local.dockerfile
@@ -43,7 +43,7 @@ CMD ["kms-server", "centralized"]
 # Third stage: Build the grpc-health-probe binary for development
 FROM cgr.dev/zama.ai/golang:1.25 AS go-builder
 
-ARG GRPC_HEALTH_PROBE_VERSION=v0.4.42
+ARG GRPC_HEALTH_PROBE_VERSION=v0.4.46
 
 RUN git clone https://github.com/grpc-ecosystem/grpc-health-probe && \
     cd grpc-health-probe && \
@@ -56,7 +56,7 @@ RUN git clone https://github.com/grpc-ecosystem/grpc-health-probe && \
 ## Fourth stage: Build and install grpc-health-probe -- For development only with extra tools
 FROM --platform=$BUILDPLATFORM prod AS dev
 
-ARG YQ_VERSION=v4.50.1
+ARG YQ_VERSION=v4.52.4
 ARG TARGETARCH=amd64
 
 USER root
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
index 075062e5e..76a06e6b8 100644
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,2 +1,2 @@
 [toolchain]
-channel = "1.93.0"
+channel = "1.94.0"