[每日信息流] 2026-01-16 #1119
Description
每日安全资讯(2026-01-16)
- Doonsec's feed
- 苹果手机间谍软件Predator中未公开的反检测反蜜罐反取证技术
- 大量网安应届生岗位招贤纳士-100人
- 第152篇:希水涵Web日志分析工具(ABC_123原创)| 识别攻击行为,生成可视化报告
- Apache Struts XWork XML外部实体注入漏洞CVE-2025-68493 附POC
- 开源 | 告别重复对接,这款消息推送平台全渠道搞定
- Rust 开发的 Web 安全扫描器 Lonkero:智能模式、OOBZero 和现代 Web 适配详解
- AI博弈时代:自动化攻击与智能防御的技术演进
- 【高危漏洞预警】React Router目录遍历漏洞CVE-2025-61686
- 【高危漏洞预警】OpenCode AI编码代理未认证HTTP服务器漏洞(CVE-2026-22812)
- 若依(RuoYi)框架漏洞战争手册
- 大模型越狱 3.0!公式代码击穿 GPT-4 防线
- 美国联邦人工智能高级官员:完整名单(第一部分)
- 【安全锐评】信息安全是一个模块,一个体系,而非是一个角色,一类岗位
- TC260-PG-20261A人工智能加速芯片安全功能技术规范
- 【吃瓜】《逆战:未来》T0级事故,全服送神器,玩家冲烂直播间刷屏退钱
- AI 颠覆网络安全:五大核心革命,重构行业底层逻辑
- src | 奇怪的任意用户重置密码组合拳漏洞
- 一名合格红队的成长之路
- WWW 2025(oral)| 利用大模型与强化学习“降维打击”恶意流量检测系统
- 高危漏洞威胁情报合集 (2026-01-15)
- 【AI安全】大模型越狱 3.0!公式代码击穿 GPT-4 防线
- 0117.我是如何发现 Google 表单漏洞的(重复内部漏洞 - 已修复)
- 【大话工控安全】工业控制系统行业知识:电力行业光伏发电场景
- 让我大调查一下你们
- 水一篇某米OA任意文件读取
- 奇安信发布智能网联汽车云平台漏洞报告:九成存漏洞,超七成涉高危风险
- 奇安信中标某大型银行开发安全扩容项目
- DIDCTF-2024盘古石杯决赛内存分析+2025陇剑杯siem与勒索软件入侵响应
- 安全行业进入下半场:为什么“更好的技术”已经卖不动了
- 追觅内部群炸了!员工怒怼CEO俞浩!
- Microsoft SQL Server 存在允许攻击者通过网络提升权限漏洞
- Spring CLI 存在允许攻击者在用户系统上执行命令漏洞
- 针对 Oracle WebLogic 中间件的一体化渗透测试工具:WeblogicTool
- 利用AI逆向CTF-APK
- CISO与CIO关系破裂的12个征兆与修复指南
- 赛宁「CP·AI大型实验场」全新发布,构筑产业级AI实践基座
- 免费赠送 | 青少年安全意识科普素材(第十一期)
- AI锐评网络安全的现状
- 【接口漏洞第六章第二节】参数污染漏洞挖掘详解:“截断”与“注入”实操手册
- 黑灰产内部黑话全集,隐藏语义系统!
- 绿盟科技入选安全牛《智能物联网(AIoT)安全技术与应用研究(2025 版)》报告,物联安全领域再获行业认可
- 一线民警必备!这款智能单元让 “零口供” 案件再也不是难题
- 别错过!1 月电子数据调查分析技术(中级)线上培训即将开班
- 疑似某 APT 组织样本
- 我国推出首个金融气象AI模型“熵机”,为上市公司、金融机构提供决策支撑
- AI快讯:4项人工智能安全标准公开征求意见,千问App上线AI购物
- SecWiki News
- Private Feed for M09Ic
- pydantic released v1.43.0 at pydantic/pydantic-ai
- WAY29 starred iOfficeAI/AionUi
- oiweiwei released v1.2.13 at oiweiwei/go-msrpc
- PrefectHQ released 3.6.11 at PrefectHQ/prefect
- joaoviictorti starred rust-lang/bors
- bolucat released 202601151945 at bolucat/Archive
- 4ra1n starred ZacharyZcR/vmware-mcp
- 4ra1n starred yyhuni/xingrin
- zema1 starred unode/firefox_decrypt
- WAY29 starred STranslate/STranslate
- safedv starred MayerDaniel/the-one-wsl-bof
- PrefectHQ released 3.6.11.dev5 at PrefectHQ/prefect
- gh0stkey starred GhostPack/SharpUp
- Rvn0xsy starred anywherelan/awl
- timwhitez forked timwhitez/agent-browser from vercel-labs/agent-browser
- timwhitez starred johnsonjason/KeProcessOverlay
- zema1 starred charmbracelet/bubbletea
- niudaii starred ChangeYourWay/Fenrir-CodeAuditTool
- Ridter starred code-yeongyu/oh-my-opencode
- gh0stkey starred gorhill/uBlock
- usestrix released v0.6.1 at usestrix/strix
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- 先知安全技术社区
- paper - Last paper
- Recent Commits to cve:main
- 安全客-有思想的安全新媒体
- Der Flounder
- 奇安信攻防社区
- LevelBlue SpiderLabs Blog
- Bug Bounty in InfoSec Write-ups on Medium
- Horizon3.ai
- Malwarebytes
- GuidePoint Security
- Wallarm
- Dhole Moments
- Checkmarx
- 安全分析与研究
- 奇客Solidot–传递最新科技情报
- 看雪学苑
- rtl-sdr.com
- HackerNews
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 安全内参
- 奇安信 CERT
- 威努特安全网络
- 天御攻防实验室
- 二道情报贩子
- 黑鸟
- 丁爸 情报分析师的工具箱
- 默安科技
- 安全学术圈
- 中国信息安全
- 代码卫士
- 极客公园
- M01N Team
- 天黑说嘿话
- OPPO安全中心
- 吾爱破解论坛
- 威胁猎人Threat Hunter
- 情报分析师
- 安全圈
- 深信服千里目安全技术中心
- 嘶吼专业版
- 360数字安全
- Arturo Di Corinto
- Over Security - Cybersecurity news aggregator
- Gootloader now uses 1,000-part ZIP archives for stealthy delivery
- Anchorage police department takes servers offline after cyberattack on service provider
- Grubhub confirms hackers stole data in recent security breach
- Chinese hackers targeting ‘high value’ North American critical infrastructure, Cisco says
- Hackers exploit Modular DS WordPress plugin flaw for admin access
- Verizon blames nationwide outage on a "software issue"
- Creating a Rust VBS Enclave DLL running in VTL1
- Iran’s internet shutdown is now one of its longest ever, as protests continue
- Insider Threats: Turning 2025 Intelligence into a 2026 Defense Strategy
- Microsoft Copilot Studio extension for VS Code now publicly available
- Predicting 2026
- NSA, Cyber Command nominee defends record during Senate hearing
- Global Innovation forum: l’innovazione delle startup passa da Seul
- Normative europee e attacchi cyber: il quadro della sicurezza digitale in Italia ed Europa
- Google to pay $8.25 million to settle lawsuit alleging children’s privacy violations
- Critical flaw lets hackers track, eavesdrop via Bluetooth audio devices
- Germany turns to Israel for a ‘cyber dome’ amid rising threats
- How to automate just-in-time access to applications with Tines
- Elon Musk’s X says it will block Grok from making sexual images
- Iran e Starlink: la fine del mito della connettività “a prova di censura”
- UAT-8837 targets critical infrastructure sectors in North America
- Dark covenant in Russia: le 3 dimensioni del patto fra attori criminali e segmenti dello Stato
- Referente CSIRT: chi è, cosa fa e perché la designazione NIS2 è cruciale
- Fusion Fireside #15: Exploring PSD3 and PSR with Frederik Mennes
- FTC bans GM from selling drivers' location data for five years
- ANY.RUN & Tines: Scale SOC and Meet SLAs with Powerful Automation
- Microsoft smantella RedVDS, rete globale di cybercrime-as-a-service
- Palo Alto Networks warns of DoS bug letting hackers disable firewalls
- Vendor Risk Management: come rendere misurabile il rischio dei fornitori
- Microsoft disrupts massive RedVDS cybercrime virtual desktop service
- DeadLock Ransomware: Smart Contracts for Malicious Purposes
- Google's Personal Intelligence links Gmail, Photos and Search to Gemini
- Google plans to make Chrome for Android an agentic browser with Gemini
- ChatGPT's upcoming cross-platform feature is codenamed "Agora"
- TrustedSec
- Qualys Security Blog
- 希潭实验室
- 数世咨询
- Schneier on Security
- Lenny Zeltser
- Tails - News
- 迪哥讲事
- 白帽子章华鹏
- The Hacker News
- AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
- Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
- Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
- ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
- Model Security Is the Wrong Frame – The Real Risk Is Workflow Security
- 4 Outdated Habits Destroying Your SOC's MTTR in 2026
- Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
- Palo Alto Fixes GlobalProtect DoS Flaw That Can Crash Firewalls Without Login
- Securityinfo.it
- Trend Micro Research, News and Perspectives
- SANS Internet Storm Center, InfoCON: green
- Security Affairs
- A ransomware attack disrupted operations at South Korean conglomerate Kyowon
- Central Maine Healthcare data breach impacted over 145,000 patients
- Palo Alto Networks addressed a GlobalProtect flaw, PoC exists
- Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers
- China bans U.S. and Israeli cybersecurity software over security concerns
- Dark Space Blogspot
- TorrentFreak
- Tor Project blog
- The Register - Security
- Cisco finally fixes max-severity bug under active attack for weeks
- Chinese spies used Maduro's capture as a lure to phish US govt agencies
- Flipping one bit leaves AMD CPUs open to VM vuln
- Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork
- A simple CodeBuild flaw put every AWS environment at risk – and pwned 'the central nervous system of the cloud'
- US regulator tells GM to hit the brakes on customer tracking
- Woman bailed as cops probe doctor's surgery data breach
- Microsoft taps UK courts to dismantle cybercrime host RedVDS
- Ofcom keeps X under the microscope despite Grok 'nudify' fix
- AWS flips switch on Euro cloud as customers fret about digital sovereignty
- Security Weekly Podcast Network (Audio)
- Deeplinks
- ICT Security Magazine
- Full Disclosure