Practical Countermeasure against Attacks Exploiting Detection Efficiency Mismatch in Quantum Key Distribution

We demonstrate a practical countermeasure against a well-known class of attacks on quantum key distribution QKD systems that exploit detection efficiency mismatch, where the receiver's detectors do not exhibit identical responses to incoming photons across all degrees of freedom. This class of...

CVE-2026-6923

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

CVE-2026-6923 Nuvoton - CWE-1300: Improper Protection of Physical Side Channels

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

PT-2026-40966

A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...

Unity Linux 20.1060e / 20.1070e Security Update: wpa_supplicant (UTSA-2026-017501)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017501 advisory. The implementations of SAE and EAP-pwd in hostapd and wpasupplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differenc...

Astra Linux – Vulnerability in mbedtls

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS from 2.19.1 does not reduce the blinded scalar before computing the inverse. This allows a local attacker to recover the private key through side-channel attacks...

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Arm Mbed TLS before versions 2.16.6 and 2.7.x, prior to 2.7.15. An attacker who can obtain precise side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinates of the result of scalar multiplication by...

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

Radio-Frequency Side-Channel Analysis of a Trapped-Ion Quantum Computer

Analogously to classical computers, quantum processors exhibit side channels that may give attackers access to potentially proprietary algorithms. We identify and exploit a previously unexplored side channel in trapped-ion quantum processors that arises from the radio-frequency RF signals used to...

CVE-2025-27940

Out-of-bounds read for some TDX Module before version tdx1.5 within Ring 0: Hypervisor may allow an information disclosure. Software side channel adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local access wh...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001487)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001487 advisory. In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted e.g., because of type confusion and consequently an unprivileged BPF progra...

CVE-2019-20399

A timing vulnerability in the Scalar::checkoverflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack...

CVE-2025-41696

CVE-2025-41696 describes an attack where an attacker can use an undocumented UART port on the PCB as a side-channel, leveraging user credentials obtained from CVE-2025-41692 to gain read access to parts of the device filesystem. Public Red Hat and EUVD entries corroborate the UART side-channel ve...

JLSEC-2025-198 Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, us...

Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. For Mbed TLS, the fix...

JLSEC-2025-199 The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 doe...

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks...

JLSEC-2025-201 An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by 1 reconstructing the projective coordinate of the result of scalar multiplication by exploiting side...

Updated perl-Crypt-OpenSSL-RSA packages fix security vulnerability

Perl-crypt-openssl-rsa: side-channel attack in pkcs1 v1.5 padding mode marvin attack. CVE-2024-2467...

Whisper Leak: A Side-Channel Attack on Large Language Models

Large Language Models LLMs are increasingly deployed in sensitive domains including healthcare, legal services, and confidential communications, where privacy is paramount. This paper introduces Whisper Leak, a side-channel attack that infers user prompt topics from encrypted LLM traffic by...

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2025-2261)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...