Agregátor RSS

The Chinese threat actor tracked as UNC3886 breached Singapore's four largest telecommunication service providers, Singtel, StarHub, M1, and Simba, at least once last year. [...]

Evropská komise (EK) předběžně shledala čínskou sociální síť pro sdílení krátkých videí TikTok návykovým designem v rozporu s unijním nařízením o digitálních službách (DSA). Komise, která je exekutivním orgánem Evropské unie a má rozsáhlé pravomoci, o tom informovala v tiskovém sdělení. TikTok v reakci uvedl, že EK o platformě vykreslila podle něj zcela nepravdivý obraz, a proto se bude bránit. Návykový design zahrnuje například takzvané nekonečné posouvání (tedy že videa nikdy nekončí), dále automatické přehrávání (kdy se další video spustí samo), tzv. push notifikace, což znamená, že aplikace uživatele nutí vrátit se do ní zpět, či vysoce personalizovaný algoritmus, který rychle pozná, co uživatele baví a snaží se ho držet v aplikaci.

The strongest known form of quantum-secure communication is no longer limited to tabletop experiments.

Quantum communication could enable uncrackable transfer of information, but most approaches rely on trusted devices. Researchers have now demonstrated that a new method that does away with this challenging requirement can operate over distances as large as 62 miles.

One of the central promises of a future quantum internet is provably secure communication. That’s thanks to one of the quirks of quantum physics: Observing a quantum state inevitably changes it. So if anyone attempts to intercept and read a message encoded in the quantum states of particles, they will alter it in the process, alerting the receiver to the breach.

Quantum communication speeds are too slow to transmit large amounts of information, so most schemes instead rely on an approach known as quantum key distribution. This involves using the quantum communication channel to share an encryption key between two parties, which they use to encode and decode messages sent over classical communication networks.

There have been impressive demonstrations of the technology’s potential, including an effort that beamed keys more than 8,000 miles via satellite and another that transmitted them more than 620 miles over optical fiber. But these feats used communication schemes relying on assurances the devices used had no technical flaws and hadn’t been tampered with. This is hard to guarantee.

New research from China’s quantum communications supremo, Jian-Wei Pan, who was also behind the previous record-breaking research, has shown the ability to securely transmit keys over a distance of more than 62 miles even if the equipment used is compromised.

“The demonstration of device-independent [quantum key distribution] at the metropolitan scale helps close the gap between proof-of-principle quantum network experiments and real-world applications,” the researchers write in a paper reporting the results in Science.

Most quantum key distribution schemes send photons encoding quantum information over a series of trusted relays. In contrast, the device-independent scheme uses a pair of entangled photons, one of which stays with the sender while the other is sent to the receiver.

By carrying out a series of measurements on the entangled photons and subjecting them to a statistical test, the sender and receiver can verify if the particles are truly entangled and then use the data to extract a secret key only they can access. Crucially, the approach doesn’t rely on assumptions about the hardware used to generate the results.

But the scheme has struggled to scale because it places strict demands on the efficiency with which quantum particles are detected and the strength of their entanglement. Any loss or noise can undermine security, so earlier experiments only operated over distances of a few hundred feet.

To achieve their latest results, Pan’s team used two network nodes, each consisting of an individual rubidium atom trapped by lasers. These atoms are encoded into a specific quantum state and then excited to produce an entangled photon. Photons from each node are then transmitted over optical fiber to a third node where they interfere with each other and entangle the two atoms.

In a series of innovations, the team improved the creation and measurement of the entangled atoms. The changes resulted in reliable entanglement above 90 percent even at distances of up to 62 miles.

This enabled them to produce a positive key rate—essentially a guarantee that the protocol produces the secret bits that make up the key faster than they must be discarded due to error, noise, or interception by an adversary—up to the maximum distance they tested.

Calculating a positive key rate typically relies on the assumption that the system can send an unlimited amount of data and therefore doesn’t always guarantee the scheme will be practical. But the researchers also tested how their protocol worked when restricted to a finite amount of data and found it could transmit a secure key over almost seven miles.

Steve Rolston, a quantum physicist at the University of Maryland, College Park, told The South China Morning Post that the work is a significant advance over previous efforts. However, he also noted that the data rates remain “abysmally small”—producing less than one bit of secure key every 10 seconds. The tests were also done on a coil of fiber in a laboratory rather than real-world telecom networks subject to environmental noise and temperature swings that can disrupt quantum states.

Even so, the results mark an important milestone. By demonstrating device-independent quantum key distribution at city-scale distances, the study shows that the strongest known form of quantum-secure communication is no longer limited to tabletop experiments.

The post Scientists Send Secure Quantum Keys Over 62 Miles of Fiber—Without Trusted Devices appeared first on SingularityHub.

So many CVEs, so little time

Digital intruders exploited buggy SolarWinds Web Help Desk (WHD) instances in December to break into victims' IT environments, move laterally, and steal high-privilege credentials, according to Microsoft researchers.…

More than 1,000 Google employees have signed an open letter urging the company to sever its business ties with the US Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP), according to CNBC.

In the letter, the employees condemn what they describe as escalating violence linked to federal immigration operations and refer to several high-profile deaths in the US. They write that they are concerned about how the company’s technology can be used by authorities. According to the letter, Google Cloud is used in connection with CBP’s surveillance system, and the company’s technology supports solutions used by ICE.

The employees demanded that management disclose all contracts and collaborations with the authorities and terminate them. In addition, the signatories want an internal information meeting about the company’s agreements with the US Department of Homeland Security and military actors. They also call for concrete protective measures for employees, including expanded opportunities for remote work and support in immigration matters.

Google did not immediately comment on the letter.

Hackers are now exploiting SolarWinds Web Help Desk (WHD) vulnerabilities to gain code execution rights on exposed systems and deploy legitimate tools, including the Velociraptor forensics tools, for persistence and remote control. [...]

Externí modul s velkým snímačem přináší kvalitu bez softwarových triků • Unikátní technologie LaserLink bleskově přenáší data přímo do procesoru • Zařízení nemá vlastní baterii a vyžaduje telefon se speciálním kroužkem

SmarterTools confirmed last week that the Warlock ransomware gang breached its network after compromising an email system, but did not impact business applications or account data. [...]

Offpunk byl vydán ve verzi 3.0. Jedná se o webový prohlížeč běžící v terminálu a podporující také protokoly Gemini, Gopher a RSS. Přibyl nástroj xkcdpunk pro zobrazení XKCD v terminálu.

Moltbook je první sociální síť určená pouze AI agentům. • Z výzkumu vyplývá, že 1,5 mil. agentů patří 17 tisícům lidí. • Platforma má potíže se zabezpečením.

Promethee je projekt, který implementuje UEFI (Unified Extensible Firmware Interface) bindingy pro JavaScript. Z bootovacího média načítá a spouští soubor 'script.js', který může používat UEFI služby. Cílem je vytvořit zavaděč, který lze přizpůsobit pomocí HTML/CSS/JS. Repozitář se zdrojovými kódy je na Codebergu.

By default, the bot listens on all network interfaces, and many users never change it

It's a day with a name ending in Y, so you know what that means: Another OpenClaw cybersecurity disaster.…

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, and

The Cyber Security Agency (CSA) of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All four of Singapore's major telecommunications operators ('telcos') – M1, SIMBA Telecom, Singtel, andRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

ChatGPT brzy zavede reklamy, budou i v jednom placeném tarifu. • Claude je rozhodně nasadit nechce, i bezplatná verze zůstane čistá. • Anthropic pak proti OpenAI rozjel kampaň, která si z rivala utahuje.

While competitors face increasing component coats and shrinking demand, Apple’s spring 2026 collection seemingly strikes a far more optimistic note. Apple is broadening its market, while others contract, and right now appears focused on delivering faster, better products at mid-range prices.

The company is on the cusp of introducing new Macs, tablets, and smartphones aimed directly at the market segment its competitors dominate, capitalizing on their woes by applying additional pricing pressure. All these devices will run all the artificial intelligence you want them to run, while remaining resolutely the systems that already lead in any user satisfaction survey you want to name. 

What’s coming?

Most of what Apple has planned has already been discussed; those plans include the first iteration of much improved Siri and Apple Intelligence services, supported by the tactical partnership with Google Gemini. And also:

• The iPhone 17e: Replacing the iPhone 16e, the $599 smartphone will carry an A19 chip along with Apple’s own networking and 5G chips. It will boast the same 6.1-in. display and 48 megapixel camera as the current model and will have MagSafe support. Given the positive reception to the base iPhone 17, the budget-friendly model should be popular as it delivers a lot of phone for the price. It’s expected to appear later this month.
• A new entry-level iPad equipped with the A18 chip — and an M4-powered iPad Air. This brings AI to the entry-level model for the first time; both will be available as an optional 5G-capable device thanks to Apple’s own 5G chip. 
• Pro Macs: Apple isn’t just about the mid-range; it’s about to apply pressure at the high-end, too, with new MacBook Pro models equipped with M5 Pro and M5 Max chips. These are expected to instantly bump Apple’s existing M5 MacBook to third place in the processor performance charts, which Apple now dominates in this price range. 

And another thing

What do you do when you sell the best PCs for most people’s needs? You work toward making those solutions available to even more people, and Apple has a plan to do just that coming down the pipe with its low-cost A-series MacBook model. 

Scheduled for later this year, the latter will deliver so much value for its price that it will put even more pressure on competitors in the mid-range. It will effectively be the ultimate mass-market AI PC — even as big competitors such as Dell quietly withdraw from promoting their products on the back of that emerging market.

Apple is also future proof, because as well as running its own AI solutions, its hardware can also support third-party services, including running AI services on device.

What happens next?

Apple is extending its reach across a much broader market than ever before. It’s doing so through a highly focused strategy of vertical integration, expanding its space across the supply chain through a pricing push enabled by its strategic investments in proprietary component manufacturing innovation.

The company’s decision to focus on making its own high-value processors and other silicon chips inside its hardware has enabled it to scale down costs, letting it reach for mid-priced markets while still offering products worthy of its name. So, while competitors must feed an array of high-value component suppliers (as well as themselves), Apple feeds a smaller number of mouths, replacing some of the most valuable pieces with its own proprietary designs now made on its behalf by contract manufacturers. 

This focus gives Apple far more business flexibility, particularly in current market conditions where component costs reach for the skies. Apple might have to pay more to its manufacturing partners, but other vendors must also pay more for those high-value chips.

Along with the popularity and reputation Apple has already built, its ability to broaden its market by tight control of manufacturing gives the company a brand-new economic advantage, something its looming mid-range product launches show the company is willing to exploit.

Whether through accident, design, or simple serendipity, the work Apple has been doing on silicon and supply chain management across the last 10 years means it now sits in the cat bird seat as the PC industry enters what seem to be “interesting times.” When it comes to the mid-range, Apple is ready to take a bite.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Attackers don't need AI to crack passwords, they build targeted wordlists from an organization's own public language. This article explains how tools like CeWL turn websites into high-success password guesses and why complexity rules alone fall short. [...]