[每日信息流] 2026-01-20 #1123
Description
每日安全资讯(2026-01-20)
- 安全客-有思想的安全新媒体
- 1340 亿美元豪赌:马斯克起诉 OpenAI,加州监管重拳同时砸向 xAI
- CVE-2026-0695:ConnectWise PSA 2026.1 修复高危跨站脚本(XSS)漏洞
- 虚假生产力工具:5 款恶意 Chrome 扩展劫持企业会话
- 未修补的远程代码执行漏洞:Livewire Filemanager 文件上传缺陷(CVE-2025-14894)影响 Laravel 应用
- Deno 高危漏洞可导致密钥泄露(CVE-2026-22863)与代码执行(CVE-2026-22864)
- 2026 年会迎来微芯片植入的 “ChatGPT 时刻” 吗?
- 大规模清理行动:X 平台禁用 “信息金融”,彻底打击 AI 生成的加密垃圾帖
- 五款恶意 Chrome 扩展程序伪装成 Workday 与 NetSuite 以劫持账户
- AI 系统将攻击重建时间从数周缩短至数小时
- OpenStack 管理员权限伪造漏洞:CVE-2026-22797 允许用户 “申请” root 权限
- SecWiki News
- Private Feed for M09Ic
- kpcyrd contributed to swhid/swhid-rs
- kpcyrd forked kpcyrd/swhid-rs from swhid/swhid-rs
- mgeeky starred preludeorg/ThreatIntelligenceConsumer
- oiweiwei released v1.2.14 at oiweiwei/go-msrpc
- kpcyrd contributed to kpcyrd/repro-threshold
- TideSec starred SourByte05/Vulnerability-Wiki-PoC
- OpenAEV-Platform released 2.0.12 at OpenAEV-Platform/openaev
- mgeeky starred SiriusScan/Sirius
- zema1 starred konoui/lipo
- niudaii starred whitzard-ai/jade-db
- mgeeky starred CyberSecurityUP/n8n-CyberSecurity-Workflows
- PrefectHQ released 3.6.12.dev4 at PrefectHQ/prefect
- gh0stkey starred vercel-labs/json-render
- timwhitez starred firecracker-microvm/firecracker
- gh0stkey starred 21st-dev/1code
- usestrix released v0.6.2 at usestrix/strix
- gh0stkey starred GongRzhe/Office-Word-MCP-Server
- rabbitmask starred dyndynjyxa/aio-coding-hub
- mgeeky starred karol-broda/snitch
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Doonsec's feed
- 2026年国家自然科学基金安全领域部分题目列表
- 接口泄露到任意账号登录
- 组里有个技术大牛,喜欢搞黑科技,自己封装了一套极其复杂的“万能工具类”,全组都在用。他离职后,这套工具类出了Bug,根本没人敢动
- Jolla Phone & Sailfish OS 5:一部能真正 “闭嘴” 的手机
- 吃瓜现场:前男友用抖音小号约妹,借口竟说在“挖漏洞”?
- 「吃瓜」前男友抖音小号约妹,借口:我在挖漏洞?
- 【安卓】Termux-X——移动端渗透终端模拟器应用
- 分布式日志分析与入侵检测系统 - LogVision
- 一文讲清:Hadoop集群到底该用JBOD还是 RAID?
- EsnInfoSec: Chat - 群组话题与论坛授权ID|26/01/19日
- 做AI的驾驶员
- 阿里云waf-bypass-mssql
- Langflow RCE(CVE-2025-3248)
- 利用ai逆向js爽挣1500
- 手把手教你成为白帽黑客!Web架构基础(上)
- 从开赌场到盗窃 网安工程师涉案罪名三改
- 【渗透实战系列】|56-海康安防后渗透利用分析
- 利用 GEO !暴力收割生成式引擎 40% 流量!
- 【网络安全】鸿蒙6应用网络抓包的高阶技巧与实践
- 此仓库包含针对易受攻击的 Windows 驱动程序的概念验证 (PoC)
- CVE-2026-23745:node-tar 任意文件覆盖
- AI自动化代码审计RCE
- 内网渗透体系建设指南:从 0 到 1 搭建,小白也能看懂!
- G.O.S.S.I.P 阅读推荐 2026-01-19 LibSig
- 【情报】台湾无人机企业汇总分析
- 社招 | 中银金融科技招聘网络安全岗(上海/北京/雄安)
- 【工业控制系统网络安全系列课程】第1课-ICS组网基础
- 表情符号攻击:LLM 安全防线的隐蔽威胁
- 【好靶场】云安全专场-WP
- Mythic 后渗透框架分析
- 代码审计之XXE与SSRF与Struts2审计案例
- 精细化监管:《互联网应用程序个人信息收集使用规定(征)》实务要点解读
- 代码审计之SpringBoot_Servlet_MVC框架
- 可私有化部署!国产 IoT 物联网平台,兼容 MQTT、Modbus、OPC、PLC设备协议、消息路由、数据存储和分析、Web可视化大屏
- Path哨兵 - 哨兵系列第三弹
- 代码审计之Servlet与SpringBoot与shiro的鉴权机制
- Windows SMB 客户端漏洞使攻击者拥有 Active Directory
- JAVA安全之RMI注入与攻击方式
- 【干货】讲透SPF、DKIM和DMARC属性
- 2023陇剑杯半决赛&决赛-流量分析
- 今天大家聊得起劲
- 网络空间安全知识选择题100题和填空题56题
- 【AI安全】利用 GEO 框架!暴力收割生成式引擎 40% 流量!
- Langflow远程代码执行漏洞(CVE-2025-3248)
- 微软2026年1月安全更新导致远程桌面连接凭据提示失败
- CNNVD:人工智能重要漏洞通报(2026年第一期)
- 正义不再“排队”!下一代电子数据取证鉴定实验室,正加速向我们走来!
- 2025平航杯wp(计算机+AI+手机)
- Recent Commits to cve:main
- 奇安信攻防社区
- Malwarebytes
- daniel.haxx.se
- Reverse Engineering
- HackerNews
- 奇客Solidot–传递最新科技情报
- 赵武的自留地
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 安全分析与研究
- 腾讯玄武实验室
- 黑鸟
- 安全客
- 代码卫士
- 看雪学苑
- 青衣十三楼飞花堂
- 安全内参
- 安全研究GoSSIP
- 天御攻防实验室
- 威胁棱镜
- 安全圈
- 二道情报贩子
- 威努特安全网络
- 中国信息安全
- 极客公园
- 安全牛
- 数世咨询
- 电子物证
- 嘶吼专业版
- 阿里安全响应中心
- 丁爸 情报分析师的工具箱
- 情报分析师
- 威胁猎人Threat Hunter
- 字节跳动技术团队
- 安全419
- CNVD漏洞平台
- 云鼎实验室
- Over Security - Cybersecurity news aggregator
- Fake ad blocker extension crashes the browser for ClickFix attacks
- New PDFSider Windows malware deployed on Fortune 100 firm's network
- Raaga - 10,225,145 breached accounts
- UK govt. warns about ongoing Russian hacktivist group attacks
- Hacker admits to leaking stolen Supreme Court data on Instagram
- Piattaforme di criptovalute: fra opacità e tracciabilità, gli ostacoli per il contrasto alle truffe
- Il Dns come asset strategico di sicurezza
- Oltre le dimissioni di un componente del Garante privacy: le 4 opzioni in gioco
- Jordanian pleads guilty to selling access to 50 corporate networks
- 1-15 January 2026 Cyber Attacks Timeline
- Iranian state TV feed reportedly hijacked to air anti-regime messages
- Ingram Micro says ransomware attack affected 42,000 people
- Il caso OVHcloud e l’illusione della sovranità dei dati
- deVixor: An Evolving Android Banking RAT with Ransomware Capabilities Targeting Iran
- Nuova campagna di phishing a tema SPID sfrutta Google Sites
- OpenAI hostname hints at a new ChatGPT feature codenamed "Sonata"
- Dall’entusiasmo all’adozione strategica: un framework per la maturità dei sistemi IA
- CERT-AGID 10-16 gennaio: ancora phishing PagoPA e nuovi malware bancari
- New OpenAI leak hints at upcoming ChatGPT features
- Have I Been Pwned latest breaches
- ICT Security Magazine
- Securityinfo.it
- Schneier on Security
- Instapaper: Unread
- Firefox joins Chrome and Edge as sleeper extensions spy on users
- Proc Filesystem
- I dispositivi audio che usate tutti i giorni potrebbero avere un gravissimo problema di sicurezza. Ecco come risolverlo
- Everything is a Proxy if You Try Hard Enough- Old RFCs, New Exploits | Ken Pyle
- The Death of Physical Imaging Understanding the New Standard in Mac Forensics
- 39C3 - Suing spyware in Europe news from the front!
- 39C3 - DNGerousLINK A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
- The power of Portable Case Unleashing evidence discovery for all investigators
- Memory Forensics Beyond the Endpoint Volatile Evidence in Modern Cloud and Edge Environments
- Interactive Replays of Conversations A New Tool
- HACKMAGEDDON
- The Hacker News
- Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
- ⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
- DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses
- New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
- CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures
- Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
- Trend Micro Research, News and Perspectives
- TorrentFreak
- Blackhat Library: Hacking techniques and research
- Technical Information Security Content & Discussion
- Security Affairs
- Deep Web
- netsecstudents: Subreddit for students studying Network Security and its related subjects
- Information Security
- Your Open Hacker Community
- 迪哥讲事
- The Register - Security
- Broker who sold malware to the FBI set for sentencing
- Don't underestimate pro-Russia hacktivists, warns UK's cyber crew
- Windows 11 shutdown bug forces Microsoft into out-of-band damage control
- Ingram Micro admits summer ransomware raid exposed thousands of staff records
- UK prime minister stares down barrel of ban on social media for kids
- Warwickshire school to reopen after cyberattack crippled IT
- Royal Navy's helicopter drone makes its first autonomous flight
- ATM maintenance tech broke the bank by forgetting to return a key
- Microsoft hiring energy strategists to power its Asian datacenters
- Security Weekly Podcast Network (Audio)