[每日信息流] 2026-03-07 #1170
Description
每日安全资讯(2026-03-07)
- SecWiki News
- 先知安全技术社区
- Private Feed for M09Ic
- modelcontextprotocol released v1.5.0 at modelcontextprotocol/registry
- pydantic released v1.67.0 at pydantic/pydantic-ai
- spf13 starred steipete/gogcli
- bolucat released 202603061958 at bolucat/Archive
- x90skysn3k released v2.5.5 at x90skysn3k/brutespray
- Mr-xn starred cft0808/edict
- Mel0day starred slowmist/openclaw-security-practice-guide
- mgeeky starred BehiSecc/awesome-claude-skills
- timwhitez starred praetorian-inc/brutus
- DVKunion starred VoltAgent/awesome-openclaw-skills
- safedv starred iilegacyyii/DataInject-BOF
- uknowsec starred p1g3/dingwave
- niudaii starred yhy0/ghsa-skill-builder
- PrefectHQ released 3.6.22.dev1 at PrefectHQ/prefect
- CHYbeta starred vignesh07/clawdbot-formal-models
- x90skysn3k released v2.5.4 at x90skysn3k/brutespray
- CHYbeta starred D4Vinci/Scrapling
- 4ra1n starred yhy0/ghsa-skill-builder
- Rvn0xsy starred g0h4n/RustHound-CE
- gh0stkey starred rolldown/tsdown
- anthropics released v2.1.70 at anthropics/claude-code
- kpcyrd forked kpcyrd/russh from Eugeny/russh
- FunnyWolf starred agentscope-ai/CoPaw
- 安全客-有思想的安全新媒体
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Microsoft Security Blog
- Recent Commits to cve:main
- ElcomSoft blog
- paper - Last paper
- BREAKDEV
- Securelist
- GuidePoint Security
- VMRay
- SentinelOne
- Malwarebytes
- Offensive Security Blog: Latest Trends in Hacking | Praetorian
- 绿盟科技技术博客
- rtl-sdr.com
- 奇客Solidot–传递最新科技情报
- 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 杨龙
- 安全分析与研究
- 腾讯玄武实验室
- 威努特安全网络
- 黑鸟
- 安全客
- 代码卫士
- 青衣十三楼飞花堂
- Flanker论安全
- 安全内参
- 奇安信病毒响应中心
- 天御攻防实验室
- 看雪学苑
- 奇安信 CERT
- 腾讯安全应急响应中心
- 中国信息安全
- 安全圈
- 奇安信威胁情报中心
- 长亭科技
- 补天平台
- M01N Team
- 字节跳动安全中心
- 数世咨询
- 阿里安全响应中心
- 极客公园
- 吾爱破解论坛
- 火绒安全
- 嘶吼专业版
- 复旦白泽战队
- 陌陌安全
- 情报分析师
- Beacon Tower Lab
- 360数字安全
- 安全行者老霍
- 迪哥讲事
- Over Security - Cybersecurity news aggregator
- Cognizant TriZetto breach exposes health data of 3.4 million patients
- Analisi del malware VioletRAT veicolato in Italia
- InstallFix: false guide di installazione CLI per installare infostealer
- The CTF Ecosystem Is Stagnant and Has Been for Twenty Years
- CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
- People, Policies, and Purpose: Framing Acceptable Use and Human Behavior in Information Security
- TikTok non adotta la crittografia dei messaggi diretti: preoccupati gli esperti di privacy
- Sintesi riepilogativa delle campagne malevole nella settimana del 28 febbraio – 6 marzo
- Fake Claude Code install guides push infostealers in InstallFix attacks
- EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
- Un rischio è per sempre?
- Microsoft 365 Backup to add file-level restore for faster recovery
- Prompt ignition: la nuova superficie d’attacco dei modelli linguistici
- A Satellite Receiver Trusted by Pentagon, ESA Has More Than 20 Security Flaws — and the Maker Never Responded
- INC Ransom’s Franchise Model Is Putting Critical Infrastructure on the Chopping Block
- The MCP AuthN/Z Nightmare
- Shadow IT: The Initial Access You Didn’t Log
- Ghanain man pleads guilty to role in $100 million fraud ring
- Exploits and vulnerabilities in Q4 2025
- Privileged Access Management (PAM) nell’era cloud-first: le 10 migliori pratiche operative
- I dubbi sulla sicurezza degli impianti di videosorveglianza
- 16-28 February 2026 Cyber Attacks Timeline
- FBI investigates breach of surveillance and wiretap systems
- House panel marks up kids digital safety act amid Democrat backlash
- 字节跳动技术团队
- 知道创宇404实验室
- Securityinfo.it
- SANS Internet Storm Center, InfoCON: green
- Schneier on Security
- HACKMAGEDDON
- ICT Security Magazine
- Yak Project
- 白泽安全实验室
- The Register - Security
- Firefox taps Anthropic AI bug hunter, but rancid RAM still flipping bits
- Spyware disguised as emergency-alert app sent to Israeli smartphones
- Cisco warns of two more SD-WAN bugs under active attack
- Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal
- Son of government contractor arrested after alleged $46M crypto heist from US Marshals
- Microsoft finally gets around to fixing Windows 10 Recovery Environment after breaking it in October
- Transport for London says 2024 breach affected 7M customers, not 5,000
- Security Affairs
- Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations
- Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws
- Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer
- Iran-nexus APT Dust Specter targets Iraq officials with new malware
- U.S. CISA adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog
- Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow
- TorrentFreak
- 安全419
- The Hacker News
- Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India
- Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
- The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity
- Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
- China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
- Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
- Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
- GRAHAM CLULEY
- 白帽子章华鹏
- Deeplinks
- DEFION Research Labs
- Ruckus Unleashed: Multiple vulnerabilities exploited
- Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger
- Pwn2Own Automotive 2024: Hacking the JuiceBox 40
- Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)
- DoNex/DarkRace Ransomware Decryptor
- CVE-2024-20693: Windows cached code signature manipulation
- Bringing process injection into view(s): exploiting all macOS apps using nib files
- Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing
- Getting SYSTEM on Windows in style
- Technical analysis of the Genesis Market
- Bad things come in large packages: .pkg signature verification bypass on macOS
- Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution
- Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS
- Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution
- Process injection: breaking all macOS security layers with a single vulnerability
- Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution
- Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
- CoronaCheck App TLS certificate vulnerabilities
- Sandbox escape + privilege escalation in StorePrivilegedTaskService
- Proctorio Chrome extension Universal Cross-Site Scripting
- Zoom RCE from Pwn2Own 2021
- Adobe Acrobat privilege escalation
- iOS VPN support: 3 different bugs
- Sign in with Apple - authentication bypass
- Jenkins - authentication bypass
- DNS rebinding for HTTPS
- Spring Security - insufficient cryptographic randomness
- XenServer - path traversal leading to authentication bypass
- Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root
- NAPALM - command execution on NAPLM controller from host
- MySQL Connector/J - Unexpected deserialisation of Java objects
- Ansible - command execution on Ansible controller from host
- Observium - unauthenticated remote code execution
- cSRP/srpforjava - obtaining of hashed passwords
- StartEncrypt - obtaining valid SSL certificates for unauthorized domains
- Instapaper: Unread
- CTFs aren't Designed to Train Investigators. Hashclue is.
- Mobile Anti Forensics and the Impact on Evidence Recovery
- Stop connecting artifacts manually, here's how to automate it with Crow-Eye!
- Windows File System Artefacts Under CProgramData
- “Open-Source Tools for Digital Forensics” presso MSAB Digital Summit 2026