[每日信息流] 2026-01-15 #1115
Description
每日安全资讯(2026-01-15)
- SecWiki News
- 安全客-有思想的安全新媒体
- 双重严重:Ruckus IoT控制器因硬编码密钥泄露面临root权限远程代码执行
- 攻击者借助伪造PDF将合法远程监控管理工具武器化
- 蜜罐陷阱(HoneyTrap)——抵御越狱攻击的全新大语言模型防御框架
- 高危漏洞CVE-2025-52694:研华设备存在 SQL 注入,可导致 IoT设备被完全攻陷
- n8n供应链攻击:滥用社区节点窃取OAuth令牌
- 高危警报:Moxa交换机存在OpenSSH远程代码执行漏洞(CVSS 9.8)
- ValleyRAT_S2病毒攻击组织:投放隐匿恶意软件,窃取金融敏感信息
- 苹果确认谷歌 Gemini 将为 Siri 提供技术支持,强调隐私仍是核心优先级
- 行业热度褪去:戴尔坦言“AI PC”叙事未获消费者认可
- 2026 年Meta战略转向:押注闭源 AI,加码核能投资争夺行业主导权
- 奇安信攻防社区
- Doonsec's feed
- 星链在伊朗:卫星互联网在电子战中的技术分析
- 【接口漏洞第六章第一节】你以为前端参数可控就安全了?聊聊服务器端参数污染
- 各个数据库sql注入及waf绕过
- 拒绝信息差,全网最全渗透测试靶场推荐【2026最新版】
- T-Tech技术回放 | 戴国浩解读:大模型推理效率的核心博弈
- Agentic AI !供应链安全“无人驾驶”时代
- 每日课程更新
- 【免杀】bypass 测试
- 吃瓜!携程被立案调查为哪般?
- 追踪诈骗虚拟货币团伙 渗透内部,世上没有免费的午餐
- 【APP测试】allsafe靶场
- 高危漏洞威胁情报合集 (2026-01-14)
- 【AI安全】Agentic AI 降临!软件供应链安全进入“无人驾驶”时代
- 最新!又一行业数据安全管理办法面向社会征集建议
- 喜报!赛博研究院收到上海市通信管理局的感谢信
- 星链--轨道上的特洛伊木马
- 【大话工控安全】工业控制系统行业知识:电力行业天然气发电场景
- 一文看懂:网络安全中那些“听起来很玄”的安全模型
- 反垄断?
- 关键的FortiSIEM漏洞允许攻击者通过TCP数据包执行任意命令
- tarzan-cms:snakeyaml反序列化(ScriptEngineManager利用链)
- WebDAV+frp内网穿透工具实现像访问本地硬盘一样访问远程NAS
- 边上网边学英语?Ries 外语学习插件,让 AI 帮你营造学习环境
- 日均不到 1.05 元!也许是苹果最具性价比的产品……
- APT | “金眼狗”组织水坑网站攻击活动
- 【漏洞通告】Apache Struts XML外部实体注入漏洞(CVE-2025-68493)
- 微软补丁日安全通告|1月份
- 网络安全信息与动态周报2026年第2期(1月5日-1月11日)
- Armin Ronacher's Thoughts and Writings
- CXSECURITY Database RSS Feed - CXSecurity.com
- paper - Last paper
- Private Feed for M09Ic
- bolucat released 202601141941 at bolucat/Archive
- CHYbeta starred lfnovo/open-notebook
- mgeeky starred ntt-zerolab/Bytecode_Jiu-Jitsu
- kpcyrd contributed to embedded-graphics/embedded-graphics
- itm4n released 2026.01.14-2 at itm4n/PrivescCheck
- jar-analyzer released 5.13 at jar-analyzer/jar-analyzer
- liamg contributed to infracost/proto
- gh0stkey starred Tencent/WeKnora
- Rvn0xsy contributed to Rvn0xsy/tun2socks
- 0xbug starred vercel-labs/agent-browser
- PrefectHQ released 3.6.11.dev4 at PrefectHQ/prefect
- LoRexxar starred yhy0/ChYing
- timwhitez starred eigent-ai/eigent
- gh0stkey starred github/awesome-copilot
- gh0stkey starred ReaJason/No-one
- su18 starred DJ-Raven/swing-modal-dialog
- 4ra1n starred DJ-Raven/swing-modal-dialog
- niudaii starred ZhangHanDong/makepad-skills
- Ridter forked ECheng00/opencode from anomalyco/opencode
- DVKunion starred linshenkx/prompt-optimizer
- pmiaowu starred 666OS/ClashMac
- Rvn0xsy starred usememos/memos
- pydantic released v1.42.0 at pydantic/pydantic-ai
- spf13 starred gomarten/marten
- joaoviictorti starred zer0condition/BusterCall
- LevelBlue Blog
- ElcomSoft blog
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Recent Commits to cve:main
- Microsoft Security Blog
- Tenable Blog
- ongoing by Tim Bray
- LevelBlue SpiderLabs Blog
- Horizon3.ai
- Malwarebytes
- Reverse Engineering
- rtl-sdr.com
- 奇客Solidot–传递最新科技情报
- 安全分析与研究
- 黑鸟
- Black Hills Information Security, Inc.
- 青山青吖
- 安全内参
- 代码卫士
- 天黑说嘿话
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 阿里云应急响应
- 二道情报贩子
- 奇安信 CERT
- 看雪学苑
- 全频带阻塞干扰
- Intigriti
- 绿盟科技CERT
- 网安杂谈
- DataCon大数据安全分析竞赛
- 中国信息安全
- 极客公园
- 数世咨询
- XCTF联赛
- 恒脑与AI
- 安全牛
- 火绒安全
- 嘶吼专业版
- 吾爱破解论坛
- 安全圈
- 复旦白泽战队
- 情报分析师
- 国家互联网应急中心CNCERT
- 深信服千里目安全技术中心
- 字节跳动技术团队
- 迪哥讲事
- 安全419
- 360数字安全
- 悬镜安全
- Over Security - Cybersecurity news aggregator
- OpenAI's hidden ChatGPT Translate tool takes on Google Translate
- South Korean giant Kyowon confirms data theft in ransomware attack
- Microsoft disrupts RedVDS cybercrime platform behind $40 million in scam losses
- France fines Free Mobile €42 million over 2024 data breach incident
- Exploit code public for critical FortiSIEM command injection flaw
- California AG to probe Musk’s Grok for nonconsensual deepfakes
- Verizon Wireless outage puts phones in SOS mode without cell service
- “La tua tessera sanitaria è in scadenza”, ma è phishing: come difendersi
- French data regulator fines telco subsidiaries $48 million over data breach
- Ugandan officials turn off internet on eve of national elections
- From Telegram to Takedown: The Fall of NoName057’s Cyber PsyOp
- Western cyber agencies warn about threats to industrial operational technology
- Poland says it repelled major cyberattack on power grid, blames Russia
- Microsoft updates Windows DLL that triggered security alerts
- Update: Scope of the Avosina Healthcare Solutions Data Breach Clarified
- Patch Tuesday di gennaio 2026: Microsoft corregge due zero-day, di cui una già sfruttata
- Ukraine appoints digital chief as defense minister to drive military reform
- Microsoft smantella RedVDS: sotto i fari la convergenza tra cloud abusato, GenAI e crimine
- ConsentFix debrief: Insights from the new OAuth phishing attack
- Reprompt attack let hackers hijack Microsoft Copilot sessions
- Federal agencies ordered to patch Microsoft Desktop Windows Manager bug
- Cyberattack forces Belgian hospital to transfer critical care patients
- Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners
- Victorian Department of Education says hackers stole students’ data
- Brushstrokes and breaches with Terryn Valikodath
- “Truman Show”: la truffa finanziaria che crea una realtà sintetica per ingannare le vittime
- Comunicazione quantistica: la nuova frontiera della sicurezza digitale europea
- Microsoft: Windows 365 update blocks access to Cloud PC sessions
- Cyber security 2026, perché la tecnologia non è più la risposta: i dati del World Economic Forum
- German Manufacturing Under Phishing Attacks: Tracking a Stealthy AsyncRATCampaign
- Monroe University says 2024 data breach affects 320,000 people
- Leveraging Landlock telemetry for Linux detection engineering
- Così l’IA e il Quantum computing cambieranno la cyber security
- Patch Tuesday, January 2026 Edition
- California privacy agency appoints surveillance expert to board
- Malware Intercepts Googlebot via IP-Verified Conditional Logic
- 赛博昆仑CERT
- Securityinfo.it
- ICT Security Magazine
- 360威胁情报中心
- Schneier on Security
- SANS Internet Storm Center, InfoCON: green
- Security Affairs
- TorrentFreak
- The Hacker News
- Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers
- AI Agents Are Becoming Privilege Escalation Paths
- Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware
- Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
- New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification
- Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
- Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
- PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces
- Deep Web
- Blackhat Library: Hacking techniques and research
- Technical Information Security Content & Discussion
- Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
- I'm The Captain Now: Hijacking a global ocean supply chain network
- Bad Vibes: Comparing the Secure Coding Capabilities of Popular Coding Agents
- Fortinet Forticlient EMS RCE CVE-2025-59922 and one IMG tag to rule them all
- Go Big or GO HOME!
- Krebs on Security
- Computer Forensics
- Your Open Hacker Community
- The Register - Security
- New Linux malware targets the cloud, steals creds, and then vanishes
- France fines telcos €42M for sub-par security prior to 24M customer breach
- 'Imagination the limit': DeadLock ransomware gang using smart contracts to hide their work
- Cyber-stricken Belgian hospitals refuse ambulances, transfer critical patients
- Eurail passengers taken for a ride as data breach spills passports, bank details
- UK backtracks on digital ID requirement for right to work
- Spanish power giant sparks breach probe amid claims of massive data grab
- Anthropic finds $1.5 million to help Python Foundation improve security
- Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm
- Information Security
- Deeplinks