Toggle light / dark theme

Get the latest international news and world events from around the world.

Log in for authorized contributors

A new ‘uncertainty relation’ for quantum measurement errors

One of the most striking features of quantum physics is that certain properties cannot be measured at the same time. Every measurement may inevitably affect the object’s physical state being measured—and therefore also the outcome of any subsequent measurement. How fast something is moving, for example, can depend on whether its position was measured beforehand.

How strongly a measurement intervenes in the quantum state determines how reliably the result of a second measurement can be predicted from the first. This qualitative connection has been known for a long time. What is new, however, is that researchers at TU Wien have now found a formula that allows this effect to be quantified exactly.

They discovered a simple “uncertainty relation” that links measurement disturbance and measurement correlation. Using this relation, it becomes possible in a remarkably straightforward way to determine which combinations of quantum operations are possible—and which are fundamentally excluded. Their paper is published in the journal Physical Review Research.

Google Confirms CVE-2026–21385 in Qualcomm Android Component Exploited

There are currently no details on how the vulnerability is being exploited in the wild. However, Google acknowledged in its monthly Android security bulletin that “there are indications that CVE-2026–21385 may be under limited, targeted exploitation.”

Google’s March 2026 update contains patches for a total of 129 vulnerabilities, including a critical flaw in the System component (CVE-2026–0006) that could lead to remote code execution without requiring any additional privileges or user interaction. In contrast, Google addressed one Android vulnerability in January 2026 and none last month.

Also patched by Google are multiple critical-rated bugs: a privilege escalation bug in Framework (CVE-2026–0047), a denial-of-service (DoS) in System (CVE-2025–48631), and seven privilege escalation flaws in Kernel components (CVE-2024–43859, CVE-2026–0037, CVE-2026–0038, CVE-2026–0027, CVE-2026–0028, CVE-2026–0030, and CVE-2026–0031).

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack.

The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from an IT desk that activates a layered malware delivery pipeline.

“In one organization, the adversary moved from initial access to nine additional endpoints over the course of eleven hours, deploying a mix of custom Havoc Demon payloads and legitimate RMM tools for persistence, with the speed of lateral movement strongly suggesting the end goal was data exfiltration, ransomware, or both,” researchers Michael Tigges, Anna Pham, and Bryan Masters said.

CISA flags VMware Aria Operations RCE flaw as exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026–22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks.

Broadcom also warned that it is aware of reports indicating the vulnerability is exploited but says it cannot independently confirm the claims.

VMware Aria Operations is an enterprise monitoring platform that helps organizations track the performance and health of servers, networks, and cloud infrastructure.

/* */