[每日信息流] 2026-03-19 #1182
Description
每日安全资讯(2026-03-19)
- SecWiki News
- Private Feed for M09Ic
- Rvn0xsy starred lightpanda-io/browser
- anthropics released v2.1.79 at anthropics/claude-code
- zeroclaw-labs released v0.5.0-beta.364 at zeroclaw-labs/zeroclaw
- memN0ps starred MEhrn00/boflink
- bolucat released 202603182010 at bolucat/Archive
- mgeeky starred smtg-ai/claude-squad
- IC3-CR3AM starred mrphrazer/agentic-malware-analysis
- INotGreen starred shareAI-lab/learn-claude-code
- zeroclaw-labs released v0.5.0-beta.351 at zeroclaw-labs/zeroclaw
- IC3-CR3AM forked IC3-CR3AM/intelligence from ctrlaltint3l/intelligence
- mgeeky starred six2dez/burp-ai-agent
- 4ra1n starred ZeroPathAI/validation-benchmarks
- niudaii starred Esonhugh/pydoll-cf-waf-bypasser-skills
- uknowsec starred RuoJi6/java-decompile-mcp
- Rvn0xsy starred whatevertogo/FeiShuSkill
- gh0stkey starred unslothai/unsloth-studio
- PrefectHQ released 3.6.23.dev3 at PrefectHQ/prefect
- ZeddYu starred aiming-lab/AutoResearchClaw
- niudaii starred shareAI-lab/learn-claude-code
- safedv starred andreisss/KslDump
- zeroclaw-labs released v0.5.0 at zeroclaw-labs/zeroclaw
- su18 starred shareAI-lab/learn-claude-code
- CXSECURITY Database RSS Feed - CXSecurity.com
- Doonsec's feed
- Rust for Malware Development:一个值得研究的Rust对抗技术仓库
- 告别手动排查应急响应一键采集与可视化分析的自动化应急响应利器
- CTF WEB-Jeewms
- DarkEsn 通知/授权 | Darkesnvip最新通知
- 网易回应清退全部外包的传言
- 紧急!你的Chrome可能正在"裸奔"
- 快普M6 GetPositionOfStaff接口存在sql注入漏洞 附POC
- 老婆是一个小公司的hr兼行政,工作繁琐经常加班,我经常写一些小工具给她用。现在老婆要离职,老板要求这些工具必须留下。这合理吗?
- 什么是信息安全,网络安全,数据安全
- 聊一下我的“多源日志采集与智能分析平台”:支持两种 syslog 日志外发啦!
- 美以空袭疑似炸死了伊朗黑客组织头目
- 别浪费!iPhone这些隐藏功能不用等于白买
- H6-3-逆向工程(Ghidra)长期支持维护基础环境设施知识共享
- 苹果iOS26.3.1a正式版发布!投屏教程+版本亮点一次看懂
- 利用skill解决CTF的逆向题
- 吾爱破解论坛精华集2025
- [EDU]动动手指的高危
- 新课更新
- Burp插件--MaR
- 某CMS XSS漏洞代码审计
- 智谱龙虾套餐可以用glm5-turbo了
- 2026年国际网络安全奥林匹克中国区学术(NCO)活动正式启动
- 北美校园医院警报!朝鲜APT新武器Dohdoor偷袭,病历成绩全被偷。
- AI Guardrails:大模型安全护栏架构初探
- 《经济半小时》| 守护安全 奇安信“龙虾安全伴侣”获央视关注
- 奇安云镜发布:一天不到1毛钱,为中小企业打造专属“智能安全管家”
- CTFshow-Pwn入门格式化字符串(91-100)
- 鹈鹕、Three.js 与 Rebecca
- 攻防中前端加密的分析与突破
- Agent开发|从0实现Agent(一):50行代码实现Mini Claude Code(工具与执行篇)
- 别再手动压缩图片了,来看看「自动挡」时代的正确做法!
- [吃瓜速递]某大厂又开始裁员??
- 结构化思维、架构化认知--最重要的实力保障
- 拆解机器人,分析其软硬件弱点(1)
- 腾讯财报:人均年薪112万!
- 17岁深圳少年破解AI底层难题,马斯克点赞:中国下一代程序员正在崛起
- 信创私有化,源码交付!AIoT 大模型智慧城市生命线一网统管,涵盖城管住建、综合执法、智慧社区、水利水务、生态环保、应急安全
- 突破防御极限!《APT攻击原理深度刨析》第二批课程
- 开源!PromptFoo 让 AI 安全测试告别盲测
- Ubuntu Desktop 24.04及更高版本存在本地权限提升漏洞,可导致未授权用户获取root权限
- RegPwn:一种 Windows 注册表弱点
- 沼泽蛇组织发起多波次间谍活动,目标直指外交官和关键基础设施
- 华为中国合作伙伴大会2026|华为星河AI网络安全参会指南一图掌握!
- 2月银行AI项目动态:广西北部湾银行连推3项目,最高金额回落至三百余万
- AI快讯:金融智能体标准编制启动,阿里云、百度云AI算力等产品涨价
- 银雁科技第一中选!中行安徽省分行AI远程银行(云维)项目人员外包服务项目
- 专题·原创 | 《中华人民共和国网络安全法》修改的背景、内容、创新之处及实施路径研究
- 专家解读 | 筑牢数据产权制度基石 护航数据要素价值释放
- 最高法:审理未成年人“充值”“打赏”案件应充分考虑各种因素综合判断
- 前沿 | OpenClaw爆火背后:个人Agent狂欢更需警惕安全风险
- 专家观点丨政策驱动全链条防护:我国工控安全撑起新型工业化“安全伞”
- 可信数据丨建设面向AI赋能的高质量行业数据集!工信部启动工业数据筑基行动
- Flashpoint:从暗网里长出来的情报公司,如何在"史诗狂怒"前夜发出全球威胁最强音
- 龙虾归笼,筑牢底座:CSA GCR大会嘉宾揭晓
- AI 安全的“插件革命”:深度拆解 730+ 个 Anthropic 风格原子化技能库
- 老师,我想学渗透测试
- 智行千里,安防于心|中机博也在AutoSec十周年荣获标杆企业
- 前端加密测不动?全局热加载帮你自动接管签名流程
- 现在学网安真的是49年入国军吗?
- AI+安全,问鼎国际!默安科技斩获日内瓦国际发明展金奖
- 【高危AI漏洞预警】OpenClaw Agent平台远程代码执行漏洞CVE-2026-30741
- 某安全应急响应中心群发导致493个邮箱地址泄露
- 无数挖坑题的反面
- 龙信手机取证新突破:TG提取恢复再加强(70款变种支持)与主流输入法(含维语)提取全覆盖!
- 央视曝光AI“投毒”,工信部紧急预警:AI浪潮下,企业如何看清“隐形威胁”?
- 英伟达发布“安全版龙虾”NemoClaw
- OpenClaw安全公告激增;Claude Code Security重塑网安企业 | 2025网安行业优质播客精选集⑮
- 从Windows转向macOS:ClickFix攻击利用ChatGPT诱饵升级战术
- 攻击者入侵史赛克微软系统,远程擦除数万台设备
- 公开课 | 区块链安全(第三讲)
- 字节跳动被曝在内部推出 ByteClaw 并发布“龙虾”安全规范,应对 AI 智能体安全风险
- 稳步推进 聚力筑盾——武汉市网络安全协会两项团体标准编制工作取得阶段性进展
- 国家互联网信息办公室关于发布生成式人工智能服务已备案信息的公告
- 奇安信发布“龙虾安全伴侣”,破解企业“想用不敢用”难题
- 会员动态 | 陈宇调研光谷信息
- 合规领航·智赋新安 | 任子行AI驱动全面赋能393号文基础电信企业数据安全技术能力建设
- 移动安全警报:AI驱动攻击、虚拟化逃逸、无感知盗刷来袭……梆梆安全防御能力全面升级!
- 登榜IDC双图谱!亚信安全以AI原生实力筑牢智能体安全底座
- OpenClaw被曝多项高危风险?观安智能体管控平台带你告别AI“裸奔”!
- fastcms-v0.1.5代码审计
- 生成式人工智能训练语料的法律风险及治理
- 预警丨防范思科Catalyst SD-WAN管理软件多个漏洞
- OpenClaw安全解决方案:安全与办公提效兼得
- 火山引擎ArkClaw开启安全专测!顶尖赏金与限量周边奉上!
- 网络安全行业有哪些“含金量高”的证书?一次讲清楚
- 2026年成都市政府工作安排
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Microsoft Security Blog
- Der Flounder
- Recent Commits to cve:main
- Insinuator.net
- Sandfly Security Blog RSS Feed
- Bug Bounty in InfoSec Write-ups on Medium
- Malware-Traffic-Analysis.net - Blog Entries
- Securelist
- Malwarebytes
- 绿盟科技技术博客
- 奇客Solidot–传递最新科技情报
- Offensive Security Blog: Latest Trends in Hacking | Praetorian
- 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- rtl-sdr.com
- 安全分析与研究
- 吾爱破解论坛
- 看雪学苑
- Black Hills Information Security, Inc.
- 代码卫士
- 安全内参
- 漕河泾小黑屋
- 威努特安全网络
- 先进攻防
- 黑鸟
- 青衣十三楼飞花堂
- 丁爸 情报分析师的工具箱
- 奇安信 CERT
- 信安之路
- 天黑说嘿话
- 君哥的体历
- 安全圈
- 微步在线
- 补天平台
- XCTF联赛
- 字节跳动安全中心
- 中国信息安全
- 默安科技
- 极客公园
- dotNet安全矩阵
- 阿里安全响应中心
- 百度安全应急响应中心
- 嘶吼专业版
- 数世咨询
- 火绒安全
- 枇杷熟了
- 慢雾科技
- 京东安全应急响应中心
- ChaMd5安全团队
- 360数字安全
- 情报分析师
- 威胁猎人Threat Hunter
- 迪哥讲事
- 安全行者老霍
- Qualys Security Blog
- 国家互联网应急中心CNCERT
- DEF CON Announcements!
- 字节跳动技术团队
- 云鼎实验室
- Over Security - Cybersecurity news aggregator
- Aura confirms data breach exposing 900,000 marketing contacts
- Russia-linked hackers use advanced iPhone exploit to target Ukrainians
- CISA orders feds to patch Zimbra XSS flaw exploited in attacks
- DHS nominee Mullin pressed on restoring CISA staffing
- US intelligence chief grilled on absence of election threats in security assessment
- ConnectWise patches new flaw allowing ScreenConnect hijacking
- Bank software vendor Marquis says more than 670,000 impacted by August breach
- Ransomware gang exploits Cisco flaw in zero-day attacks since January
- Cyble and Optiv Partner to Bring Digital Risk Protection to Managed Security Operations
- Storm-2561 e il SEO poisoning: così con falsi client VPN rubano credenziali
- Marquis: Ransomware gang stole data of 672K people in cyberattack
- Apple corregge WebKit senza aggiornare iOS: debuttano i Background Security Improvements
- Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools
- CISA official says agency has not seen uptick in cyber threats amid Iran war
- Inside DarkSword: A New iOS Exploit Kit Delivered Via Compromised Legitimate Websites
- New “Darksword” iOS exploit used in infostealer attack on iPhones
- The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms
- Nordstrom's email system abused to send crypto scams to customers
- Handala, cosa sapere del cyber gruppo iraniano che attacca l’Occidente
- Moscow seeks to limit internet to state-approved websites amid ongoing outages
- Agentic AI Run Fraud Campaigns Earning 4.5 Times More: Interpol
- AI-Powered Cyber Warfare: How Autonomous Attack Agents Are Changing the Threat Landscape
- The SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in Mexico
- Maxi truffe travestite da informazioni finanziarie sfruttano l’advertising di Meta: come proteggersi
- L’AI nella kill chain: i vantaggi e le perplessità nella guerra in Iran
- How a Ukrainian Vishing Ring Stole €2M From EU Citizens — and Nearly Got Away
- How to Reduce MTTR in Your SOC with Better Threat Intelligence
- La sicurezza dell’Active Directory come pilastro della cyber security
- Transparent COM instrumentation for malware analysis
- Fusion Fireside #17: Inside the Chinese Smishing Triad with Gary Warner
- CRIL Flags Growing Threat of Middle East Cyber Attacks and Hacktivist Campaigns
- How Cortex XDR BIOC Rules Could Become an Attack Surface
- ‘Give to Gain’ is Relevant for Security and Resilience: Bonnie Butlin, Chats with TCE
- FBI Intensifies Crackdown on Thai Scam Centers Targeting Americans
- Aura - 903,080 breached accounts
- Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
- Apple pushes first Background Security Improvements update to fix WebKit flaw
- Rischio AI: falle in Amazon Bedrock, LangSmith e SGLang
- ICT Security Magazine
- JUMPSEC
- SANS Internet Storm Center, InfoCON: green
- Have I Been Pwned latest breaches
- Schneier on Security
- Instapaper: Unread
- TorrentFreak
- Trend Micro Research, News and Perspectives
- Security Affairs
- U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog
- Researchers warn of unpatched, critical Telnetd flaw affecting all versions
- CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
- Robotic surgery firm Intuitive reports data breach after targeted phishing attack
- Tracking the Iran War: A Month of Escalation and Regional Impact
- Securityinfo.it
- The Hacker News
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
- Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
- Claude Code Security and Magecart: Getting the Threat Model Right
- 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
- Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
- Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
- NetSPI
- The Register - Security
- Okta made a nightmare micromanager for your AI agents
- State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns
- Amazon security boss says crims abused max-security Cisco firewall flaw weeks before disclosure
- North Korea's 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un
- Britain's satellite-watching gap to be plugged with £17.5M eyeball in Cyprus
- Iran's cyberattack against med tech firm is 'just the beginning'
- Linux Foundation kicks off effort to shield FOSS maintainers from AI slop bug reports
- Japan to allow ‘proactive cyber-defense’ from October 1st
- DEFION Research Labs
- Ruckus Unleashed: Multiple vulnerabilities exploited
- Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger
- Pwn2Own Automotive 2024: Hacking the JuiceBox 40
- Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)
- DoNex/DarkRace Ransomware Decryptor
- CVE-2024-20693: Windows cached code signature manipulation
- Bringing process injection into view(s): exploiting all macOS apps using nib files
- Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing
- Getting SYSTEM on Windows in style
- Technical analysis of the Genesis Market
- Bad things come in large packages: .pkg signature verification bypass on macOS
- Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution
- Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS
- Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution
- Process injection: breaking all macOS security layers with a single vulnerability
- Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution
- Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass
- CoronaCheck App TLS certificate vulnerabilities
- Sandbox escape + privilege escalation in StorePrivilegedTaskService
- Proctorio Chrome extension Universal Cross-Site Scripting
- Zoom RCE from Pwn2Own 2021
- Adobe Acrobat privilege escalation
- iOS VPN support: 3 different bugs
- Sign in with Apple - authentication bypass
- Jenkins - authentication bypass
- DNS rebinding for HTTPS
- Spring Security - insufficient cryptographic randomness
- XenServer - path traversal leading to authentication bypass
- Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root
- NAPALM - command execution on NAPLM controller from host
- MySQL Connector/J - Unexpected deserialisation of Java objects
- Ansible - command execution on Ansible controller from host
- Observium - unauthenticated remote code execution
- cSRP/srpforjava - obtaining of hashed passwords
- StartEncrypt - obtaining valid SSL certificates for unauthorized domains
- Yak Project
- Security Weekly Podcast Network (Audio)