Aggregator

无线键盘、鼠标等设备以其简洁高效的体验，成为现代办公生活的标配。然而，这份便利的背后，若不加注意，也可能潜藏窃密风险。从空中信号截获到恶意设备潜伏，再到休眠重连漏洞，窃密者可通过多种手段实现“隔空取物”式窃密，对信息安全构成威胁。

《网络安全法》的修改与实施，是我国网络安全法治建设的重要里程碑，标志着我国网络安全治理进入了规范化、制度化、法治化的新阶段。此次修改立足数智时代发展特征，回应了网络安全治理的现实需求，通过一系列制度创新，夯实了网络安全治理的法治框架……

Poland’s National Centre for Nuclear Research (NCBJ) thwarted a cyberattack targeting its IT infrastructure. The attempted intrusion was detected and blocked before attackers could compromise systems or disrupt operations. “No production, operational, or research processes were disrupted, and the MARIA reactor is operating safely and smoothly, at full power,” said Prof. Jakub Kupecki, Director of the National Centre for Nuclear Research. The National Centre for Nuclear Research is one of the largest scientific institutes in … More →

The post Hackers tried to breach Poland’s nuclear research centre appeared first on Help Net Security.

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。用户提供了文章的开头部分，看起来是Bruce Schneier的个人简介和一些相关的文章标题。 首先，我需要确定文章的主题。Bruce Schneier是一位公开利益的技术专家，专注于安全、技术和人之间的交叉领域。他从2004年开始在博客上写安全问题，还写月度通讯。他现在是哈佛大学肯尼迪学院的研究员和讲师，EFF的董事会成员，以及Inrupt公司的安全架构首席。 接下来，看看用户的要求：用中文总结内容，不超过100字，不需要特定的开头。所以重点应该是介绍Bruce Schneier的身份、他的工作领域以及他在安全方面的贡献。 然后，我需要提取关键信息：他是技术专家，关注安全、科技和人的交叉点；他在博客和通讯中讨论安全问题；他的职位包括研究员、讲师、董事会成员和首席架构师；他的工作涉及AI、隐私、LLM等主题。 最后，把这些信息浓缩成一个简洁的段落，确保不超过100字，并且直接描述内容。 Bruce Schneier是一位专注于安全、技术与人交叉领域的公开利益技术专家。他在博客和月度通讯中讨论安全问题，并担任哈佛大学研究员、EFF董事会成员及Inrupt首席安全架构师。他的工作涉及AI、隐私、LLM等主题。

当然，也有相当多的硬件并不支持CPU和外设之间的cache coherence的，这种情况下，无论是面向CPU还是device，都可能需要进行cache的clean/invalidate动作，这类动作往往比较昂贵，成为火焰图热点。结合arm64微架构的知识以及dsb的原理，这里有个优化机会，可以N个entries只发一次dsb，即最后一次性dsb等待前面的N个cache操作完成。经笔者观察，目前arm64的相关实现，采用的每个sg entry进行一个cache动作，然后就发dsb同步等待的方式。

上周关注度较高的产品安全漏洞(20260309-20260315)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞660个，其中高危漏洞379个、中危漏洞248个、低危漏洞33个。

Неизвестные использовали инфраструктуру сервиса AppsFlyer для атаки на цепочку поставок ПО.

KEEQuant has announced its commercial chip-scale QKD technology, marking an advance in quantum-secure communications. The system replaces bulky optical assemblies with photonic integration, lowering the cost and complexity of quantum key distribution and making quantum-safe key exchange a practical upgrade for telecom operators, data center providers, and critical infrastructure organizations. The result is smaller, more scalable systems that remain compatible with existing fiber environments and encryption solutions, making adoption more practical for organizations preparing their … More →

The post KEEQuant advances chip-scale QKD for telecom, data centers, and critical infrastructure appeared first on Help Net Security.

DepConfuse is a command-line tool that proactively detects dependency confusion vulnerabilities. It scans SBOMs or PURLs to identify internal

The post Supply Chain Shield: How DepConfuse Proactively Stops Dependency Confusion Attacks appeared first on Penetration Testing Tools.

A vulnerability was found in OpenHarmony up to 6.0. It has been rated as problematic. The affected element is an unknown function. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2026-0639. Attacking locally is a requirement. No exploit is available.

A vulnerability was found in OpenHarmony up to 5.1.0.x. It has been declared as problematic. Impacted is an unknown function. Such manipulation leads to improper input validation. This vulnerability is traded as CVE-2025-6969. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in OpenHarmony up to 5.0.3.x. It has been classified as problematic. This issue affects some unknown processing. This manipulation causes improper input validation. This vulnerability appears as CVE-2025-26474. The attack requires local access. There is no available exploit.

A vulnerability was found in OpenHarmony up to 5.0.3.x and classified as problematic. This vulnerability affects unknown code. The manipulation results in uninitialized resource. This vulnerability is reported as CVE-2025-12736. The attack requires a local approach. No exploit exists.

A vulnerability marked as problematic has been reported in Adobe Experience Manager up to 6.5.23. This affects an unknown part. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2026-27247. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-27248. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation results in cross site scripting. This vulnerability was named CVE-2026-27250. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-27251. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Adobe Experience Manager up to 6.5.23. This affects an unknown part. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-27252. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Adobe Experience Manager up to 6.5.23. This vulnerability affects unknown code. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-27249. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.