[每日信息流] 2026-03-27

[chainreactorbot]

每日安全资讯（2026-03-27）

• Private Feed for M09Ic
  • anthropics released v2.1.85 at anthropics/claude-code
  • github released v0.4.3 at github/spec-kit
  • kpcyrd contributed to Eugeny/russh
  • bolucat released 202603262016 at bolucat/Archive
  • kpcyrd forked kpcyrd/androidqf from mvt-project/androidqf
  • CHYbeta starred wuyoscar/ISC-Bench
  • IC3-CR3AM starred nashsu/opencli-rs-skill
  • Rvn0xsy starred BloopAI/vibe-kanban
  • liamg contributed to infracost/go-proto
  • zeroclaw-labs released v0.6.3 at zeroclaw-labs/zeroclaw
  • huoji120 starred mem0ai/mem0
  • agentscope-ai released v1.0.18 at agentscope-ai/agentscope
  • zsxsoft forked zsxsoft/openclaw from openclaw/openclaw
  • gh0stkey starred karpathy/autoresearch
  • gh0stkey starred idootop/open-xiaoai
• SecWiki News
  • SecWiki News 2026-03-26 Review
• CXSECURITY Database RSS Feed - CXSecurity.com
  • esiclivre 0.2.2 SQL Injection
  • Payara Server Cross Site Scripting
  • SiYuan < = v3.6.1 Note unauthenticated arbitrary file read (path traversal)
  • Tenda AC21 V1.0 V16.03.08.16 - Stack Buffer Overflow in SetNetControlList
  • WWBN AVideo < = 26.0 - Authenticated SQL Injection
• Doonsec's feed
  • 【智能简报】全球安全态势报告3.25-3.26
  • 【培训】开源情报分析师实战能力培训班-4月成都开班（有邀请函）
  • Coruna框架与三角测量行动的技术同源性报告
  • 假如妳在周杰伦的歌里过一生| 从前有个女儿殿下得了公主病，慢慢才懂听妈妈的话，后来她变成了外婆&巫婆
  • 赶紧查查，你的AI助手，很有可能正在偷取你的数据！
  • 挖不到高危就去“捡垃圾”
  • 为什么厉害的红队er都有自己的“小圈子”？
  • 上周面试一个技术岗，前30分钟聊得不错。问到离职原因，他顿了顿 “跟部门一个同事闹了矛盾，领导偏私，搞得每天上班很压抑，索性走了。
  • N0.1只有肯动手实践的人才是社区最适合的人
  • 被毕业的同事并没有消失
  • [技术深浅] Linux提权完全指南
  • no money 获得openclaw同款推送
  • 小白也能学会的红队基础：隐匿、工具、流量、善后全攻略
  • Upload Labs 第12关：利用 %00 截断修改保存路径实现上传绕过。
  • 想监控内网传输的文件？用Suricata这个功能就够了
  • Agent开发｜从0实现Agent（四）：构建基于DAG图的任务系统（复杂任务协同篇）
  • 前置准入平台 - 守一（Soone）
  • 介绍视频
  • 【漏洞通告】HCL Traveler存在信息泄露漏洞（CVE-2026-21783）
  • 【漏洞通告】Ubiquiti UniFi Network Server存在输入验证错误漏洞(CVE-2026-22559)
  • 【漏洞通告】sbt存在命令注入漏洞(CVE-2026-32948)
  • 【漏洞通告】NVIDIA SNAP-4 Container存在拒绝服务漏洞(CVE-2025-33215)
  • 【漏洞通告】NVIDIA SNAP-4 Container存在缓冲区溢出漏洞(CVE-2025-33216)
  • 这个开源工具能自动检查安全漏洞
  • 超 4.8 亿下载！LiteLLM 遭恶意投毒
  • frida课程更新
  • CSS 也能拿 Shell？解析Chrome在野 0-day 漏洞 CVE-2026-2441
  • 【0day】深科特 LEAN MES系统 /Handler/MobileAppLogin.ashx SQL注入漏洞
  • 【0day】深科特 LEAN MES系统 DownLoad.aspx 任意文件读取漏洞
  • [漏洞复现]微力同步-Verysync任意文件读取漏洞(VEID-2026-11111)
  • 这个人以什么为生
  • 使用 opencode 开发微信小程序会议系统
  • C23-X05 魅影潜伏与仿冒陷阱：银狐组织借OpenClaw安装包实施攻击活动深度分析
  • 安徽普思标准技术: 从R155到GB：汽车网络安全法规分析与企业应对策略
  • 智能汽车网络安全与信息安全基础培训课程 2026
  • 陕西汽车控股集团: 车辆UN ECE R155认证方案解析
  • 从源码到上线：Rust 单文件 Loader 的免杀Defender艺术
  • CastelFirm 正式上线！AI 驱动挖掘 80+ 真实 0-day，固件安全的"王炸"来了
  • 安卓逆向第二阶段正式完结！三阶段来了，EXP开发、Frida与AI逆向机器人、算法还原与模拟、设备指纹与游戏分析。木鱼沙箱内测
  • 【权限维持BOF】：JHeart 一键扫描上线主机“白加黑”维权点
  • OpenClaw 近期安全漏洞修复汇总报告
  • G.O.S.S.I.P 阅读推荐 2026-03-26 先污染后治理
  • @所有人，5月北京见！渊亭科技军事智能产品体系全线升级
  • 跟着红队笔记打靶：FourAndSix2.01
  • 一文聊透AI里的Token
  • Wazuh 实战：Agent 掉线告警从 Level 3 到三层防御体系
  • 2026 美团科研合作课题 | 公开征集启动
  • 报名｜ICLR 2026 美团学术论文精选及分享会（下）
  • Gartner观点：2026年数据和分析重要趋势预测
  • 项目推荐 | 专注于PHP代码审计的Skill
  • 供应链预警｜LiteLLM、Apifox两起供应链投毒事件，请尽快应急
  • 微软发布新指南，以检测和防御供应链攻击
  • GitHub 上出现的虚假 VS Code 安全警报被用于大规模网络钓鱼活动中推送恶意软件
  • 中信银行从AI First迈向AI Fast，“十五五”末实现90%以上核心业务流程AI重塑
  • AI快讯：淘宝天猫将上线“龙虾版”生意管家，千万级Token赠送启动，Meta新一轮裁员数百人
  • 招商银行厦门分行医疗场景机器人项目供应商征集
  • 【安全圈】虚假OpenClaw代币赠礼活动瞄准GitHub开发者实施钱包清空骗局
  • 【安全圈】卡巴斯基示警微软用户：无代码 AI 工具沦为网络钓鱼“隐形外衣”
  • 【安全圈】热门 Python 库 LiteLLM 遭供应链攻击，后门窃取凭证和认证令牌
  • 红队工具 - MDUT-Extend 植入高级间谍木马（RAT）全链路分析
  • Apifox 投毒事件深度分析：供应链攻击敲响开发者工具安全警钟
  • 论坛·原创 | 创新探索数字时代全球网络空间治理的中国方案
  • 国家安全部：谨防深度伪造魔改陷阱
  • 专家解读 | 健全衍生数据治理机制 释放数字经济新动能
  • 观点 | 探索人工智能环境下的数据安全治理路径
  • 评论 | 强化打击跨境电诈的执法合力
  • 对标2026 RSAC创新沙盒冠军，方向竟如此一致！绿盟科技以中国方案守护AI智能体安全
  • 奥尔登堡大学 | SoK：从 CTI 报告中自动化抽取 TTP——我们真的做到这一步了吗？
  • 天融信：「Apifox、LiteLLM、Context Hub」AI供应链投毒事件分析（附报告下载）
  • LiteLLM供应链投毒事件分析
  • 又一个开发工具沦陷，Apifox遭供应链投毒攻击
  • RSAC 2026现场：全球网络安全大厂都发布了哪些新品？
  • 欧洲最大渔港因勒索攻击运营中断，被迫人工维持货运作业
  • 信任劫持：ClawHub漏洞让攻击者轻松刷榜，摇身一变成为热门首选技能
  • 探索AI时代下CMMI融合创新与实践路径——“走进CMMI优秀案例企业”首站活动在信安世纪成功举办
  • 今年的春招，比往年都要惨烈！
  • 脱离业务的风险管控都是空谈？亿格云枢AI-IRM：懂业务的风险“调查官”
  • 安言咨询：金融法草案发布，对金融业网络安全工作有什么影响？
  • 免费赠送 | 青少年安全意识科普素材（第二十期）
  • OpenClaw 的那些神奇技能
  • 团体标准小课堂第一期：什么是团体标准？
  • 省经信厅办公室关于启动2026年企业上云服务券申领工作的通知
  • 首届一流网安人才培养学生工作论坛成功举办
  • MDUT-Extend 黑吃灰投毒事件深度溯源分析报告
  • 2026数字中国创新大赛数字安全赛道暨三明市第六届"红明谷”杯大赛WP
  • 《命运石之门》：不该被低估的科幻神作
  • 西安市网信办通报一批涉网络安全、数据安全典型案例
  • 中国信通院院长余晓晖：AI企业需主动加强大模型、智能体等技术安全加固
  • CAN信号的Intel格式和Motorola格式有什么区别？
• Recent Commits to cve:main
  • Update Thu Mar 26 11:18:19 UTC 2026
• Tenable Blog
  • Uncover prompt injection, insider threats with the Tenable One Model Refusal Detection
• No Headback
  • CLI Everything 和 AI native infra
• 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  • 2025企业邮箱安全报告发布：AI攻击升级，技术与管理协同成防护趋势
  • 美亚柏科培育的取证圈“小龙虾”来了
  • AI时代中国网络安全产业的五年变局|| 影子AI之困：企业数据安全最大的灰犀牛
  • 嘶吼安全动态｜工信部征求AI安全治理标准，规范模型上下文协议安全 浙江警方破获特大电商数据泄露案，200万条订单信息被贩卖
• Sucuri Blog
  • Web Shells: Types, Mitigation & Removal
• ElcomSoft blog
  • Distributed Password Recovery Goes 64-bit: Ready for RTX 5090
• Insinuator.net
  • Methodology for Assessing Kubernetes Namespace-Based Multi-Tenancy Setups
• Sandfly Security Blog RSS Feed
  • Destination Linux Podcast: Tor, VPNs and Anonymity Risks
  • Linux Password Hash Risks and Security Overview
  • Destination Linux Cybersecurity Interview with Craig Rowland
  • Sandfly 5.5 - AI Linux Forensics Analysis Demo
  • Sandfly 5.7 - Performance Upgrade
• Bug Bounty in InfoSec Write-ups on Medium
  • From Delaying Certifications to Passing eJPT: My Real Journey
  • Improper Input Handling Leading to Client Side Code Execution and Backend Information Disclosure
  • A Practical Workflow for Fuzzing and Scanning in Bug Bounty
• Reverse Engineering
  • Latest Akamai v3 deobfuscator static reversal of dynamic per request
  • r2gopclntabParser: A radare2-based Go gopclntab parser for recovering function symbols from Go binaries, including fully stripped ones.
  • My DAP couldn't display Arabic text, so I reverse engineered the firmware format to fix it
• Malwarebytes
  • Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka
  • GlassWorm attack installs fake browser extension for surveillance
  • Landmark verdicts put Meta’s “addiction machine” platforms on trial
• Securelist
  • An AI gateway designed to steal your data
  • Coruna: the framework used in Operation Triangulation
• daniel.haxx.se
  • Don’t trust, verify
• 明天的乌云
  • Agent与人的协作关系
• bishopfox.com
  • strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication
• 奇客Solidot–传递最新科技情报
  • 实验室培育食管恢复猪的吞咽能力
  • 微软将默认收集 GitHub Copilot 交互数据训练 AI
  • 晋江封禁 “老天奶”引争议
  • GNOME 基金会宣布面向资深开发者的奖学金计划
  • Sora 为何失败：每天推理成本最高 1500 万美元总收入仅为 210 万美元
  • 汽车钠离子电池能在 11 分钟内完成充电
  • 学生说服学校设立 Tor 中继节点
  • Meta 和 YouTube 在社媒上瘾案中犯有疏忽罪
  • 新西兰卫生部警告员工不要用生成式 AI 撰写临床记录
  • 加拿大移民局根据 AI 虚构的工作描述拒绝移民申请
• 绿盟科技技术博客
  • 对标2026 RSAC创新沙盒冠军，方向竟如此一致！绿盟科技以中国方案守护AI智能体安全
• 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  • 苹果向iPhone设计团队发放奖金以应对挖角
• 腾讯玄武实验室
  • 每日安全动态推送(26/3/26)
• 代码卫士
  • TP-Link：速修复这个严重的路由器认证绕过漏洞
  • Citrix：尽快修复这两个 NetScaler 漏洞
• 安全分析与研究
  • 内存执行技术——无文件攻击的核心
• 黑鸟
  • Coruna框架与三角测量行动的技术同源性报告
• 信安之路
  • 快来看，编辑器正在帮我挖漏洞啦！
• 威努特安全网络
  • 工信部发文部署2026年ICT行业网络运行安全工作
• 安全内参
  • RSAC 2026现场：全球网络安全大厂都发布了哪些新品？
  • 欧洲最大渔港因勒索攻击运营中断，被迫人工维持货运作业
• 白帽100安全攻防实验室
  • MongoBleed 供应链攻击逆向分析报告（详细版）
• 绿盟科技研究通讯
  • OpenClaw安全实战系列二：白名单也防不住？复盘CVE-2026-28363授权绕过全过程
• 奇安信 CERT
  • 今日（2026年3月26日）OpenClaw 最新安全动态总结
• 全频带阻塞干扰
  • 震惊！无人机企业总工办公室查出窃听器！
• 微步在线研究响应中心
  • 大规模失陷！Apifox遭投毒，请立即排查
• 看雪学苑
  • Android 内核加载未签名驱动的一次实践
  • GitHub上惊现“空投”骗局，5000美元诱饵背后是钱包清零陷阱
  • 报名中！Android逆向内核攻防实战进阶：以开源项目 APatch 为实战框架
• 绿盟科技CERT
  • 【安全事件】AI基础设施LiteLLM供应链投毒预警通告
  • 【安全事件】Apifox桌面客户端遭供应链投毒分析
• 天御攻防实验室
  • 美四位前国家安全局局长同台献艺
• 中国信息安全
  • 论坛·原创 | 创新探索数字时代全球网络空间治理的中国方案
  • 国家安全部：谨防深度伪造魔改陷阱
  • 专家解读 | 健全衍生数据治理机制 释放数字经济新动能
  • 观点 | 探索人工智能环境下的数据安全治理路径
  • 评论 | 强化打击跨境电诈的执法合力
• 安全研究GoSSIP
  • G.O.S.S.I.P 阅读推荐 2026-03-26 先污染后治理
• 天黑说嘿话
  • AI赋能CTF比赛-Web类(burpmcp+kalimcp)
• 微步在线
  • 硅基员工一名，即将空降
• 安全学术圈
  • 奥尔登堡大学 | SoK：从 CTI 报告中自动化抽取 TTP——我们真的做到这一步了吗？
• 安全圈
  • 【安全圈】虚假OpenClaw代币赠礼活动瞄准GitHub开发者实施钱包清空骗局
  • 【安全圈】卡巴斯基示警微软用户：无代码 AI 工具沦为网络钓鱼“隐形外衣”
  • 【安全圈】热门 Python 库 LiteLLM 遭供应链攻击，后门窃取凭证和认证令牌
• 安全牛
  • Gemini API密钥“静默升级”：一场隐藏在AI浪潮中的账单炸弹
  • Google提前至2029年部署抗量子加密，行业迁移压力加剧；GitHub通知机制被滥用，OpenClaw开发者遭钱包清空型钓鱼攻击 | 牛览
  • 《AI赋能数据安全自动化运营实践》 报告调研启动
• 黑哥虾撩
  • Apifox 供应链攻击事件（AiPy自查）
• NOVASEC
  • 【工具】revsuit dns/http/mysql/rmi/ldap/ftp Log记录器更新
• 补天平台
  • AI Skills 安全分析：机遇与挑战并存的双刃剑
• M01N Team
  • LiteLLM 供应链投毒深度分析：从 TeamPCP 连环攻击到全生态沦陷判
  • APIFox 供应链投毒事件复盘：从 Electron 安全配置缺陷到 CDN 劫持
• 极客公园
  • 那个靠「玩灯」出圈的手机品牌，现在想用 AI 让你自己在手机上造 App
  • 前阿里 90 后 P10 ，要造 AI 世代的「哈利波特」，而入口是一张 NFC 卡片
  • 赚钱和 AI，Keep 都想要
  • 首批「首席龙虾官」月薪达 6 万；投入1000亿，拼多多组建「新拼姆」；小米正式终止 MIUI 系统更新｜极客早知道
• 软件安全与逆向分析
  • 安卓逆向第二阶段正式完结！三阶段来了，EXP开发、Frida与AI逆向机器人、算法还原与模拟、设备指纹与游戏分析。木鱼沙箱内测
• 数世咨询
  • RSAC：不要将预算从现有安全工具转向人工智能
  • 直播预约 | 见证一名硅基员工 空降过程
• 嘶吼专业版
  • AI时代中国网络安全产业的五年变局|| 影子AI之困：企业数据安全最大的灰犀牛
  • 下周一截止！《2026 AI+网络安全产业生态图谱》调研申报即将结束
  • 嘶吼安全动态｜工信部征求AI安全治理标准，规范模型上下文协议安全 浙江警方破获特大电商数据泄露案，200万条订单信息被贩卖
• 情报分析师
  • 你发的每一条动态，都是别人眼里的情报！情报视角下的社交平台，普通人到底暴露了多少自己
  • 美日关键矿产行动计划深度分析——稀土价格规则重构、制度性去我化与我战略风险研判
  • 别只会看官网，真正会做情报的人，怎么一眼看穿一家公司——7个维度情报调查法，把对手摸透从招聘信息开始
  • 世界上最古老的情报智库，刚刚被俄列为"不受欢迎组织"——揭秘RUSI，那个在白厅低调运转近两百年的大脑
• 枇杷熟了
  • 紧急预警 | AI开发者必看LiteLLM遭PyPI供应链投毒
• 腾讯安全威胁情报中心
  • OpenClaw 近期安全漏洞修复汇总报告
• TrustedSec
  • Policy as Code: Stop Writing Policies and Start Compiling Them
• 美团技术团队
  • 2026 美团科研合作课题 | 公开征集启动
  • 报名｜ICLR 2026 美团学术论文精选及分享会（下）
• 迪哥讲事
  • xss绕过
• Over Security - Cybersecurity news aggregator
  • Web Shells: Types, Mitigation & Removal
  • Ajax football club hack exposed fan data, enabled ticket hijack
  • CISA: New Langflow flaw actively exploited to hijack AI workflows
  • Alleged RedLine malware developer extradited to US, faces up to 30 years
  • TP-Link, Canva, HikVision vulnerabilities
  • A puppet made me cry and all I got was this t-shirt
  • Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks
  • US official accuses China of supporting, exploiting cyber scam crisis in Southeast Asia
  • Diventare resilienti by design: proteggere il perimetro non basta più
  • Gemini sul Dark Web: strumento di difesa o nuova frontiera del controllo?
  • Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware
  • UK sanctions Xinbi marketplace linked to Asian scam centers
  • Apple rolls out age verification to UK iPhone users
  • A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know
  • Top Dark Web Telegram Groups & Channels (2026)
  • WhatsApp rolls out more AI features, iOS multi-account support
  • TikTok for Business accounts targeted in new phishing campaign
  • Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
  • Coruna iOS exploit framework linked to Triangulation attacks
  • EU investigating Snapchat and pornography sites in child safety crackdown
  • Russia arrests suspected owner of LeakBase cybercrime forum
  • Talos Takes: 2025 insights from Talos and Splunk
  • Russia detains alleged admin of LeakBase cybercrime forum weeks after global crackdown
  • UK sanctions Chinese crypto marketplace tied to scam compounds
  • Suspected RedLine infostealer malware admin extradited to US
  • Nova Scotia Power Data Breach Compromises Data of Over 900,000 Users
  • An AI gateway designed to steal your data
  • 1-15 March 2026 Cyber Attacks Timeline
  • Global Magecart Campaign Puts Banks Under Pressure, Leveraging Redsys Payment Mimicry and Hijacking
  • Three Individuals Charged for Trying to Smuggle ‘America-Made’ AI Tech Worth $170M
  • Resilienza digitale 2.0: integrare l’AI nel perimetro di sicurezza DORA
  • La nuova Cyber Strategy USA va oltre i confini nazionali: i 6 pilastri operativi
  • Node.js Fixes Critical Flaws, Patches DoS Risk in Latest Security Update
  • Attacco alla sanità: ecco perché una cartella clinica vale fino a mille euro nel dark web
  • Coruna: the framework used in Operation Triangulation
  • Port of Vigo Hit by Ransomware Attack, Cargo Systems Disrupted
  • The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break
  • RedLine Infostealer Network’s Second Defendant Now Faces a U.S. Court
  • ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026
  • Scuf Gaming - 128,683 breached accounts
  • Kali Linux 2026.1 Launches with 8 New Tools, UI Refresh, and Kernel Upgrade
  • Sound Radix - 292,993 breached accounts
  • Magento sotto attacco: PolyShell, sfruttamento di massa in pochi giorni
• Tails - News
  • Tails 7.6
• 安全行者老霍
  • 首席信息安全官要保障现实和未来的安全
• bellingcat
  • Evidence Points to US Scattering Mines over Iranian Village
• HACKMAGEDDON
  • 1-15 March 2026 Cyber Attacks Timeline
• ICT Security Magazine
  • TeamPCP avvelena LiteLLM: la supply chain Python per sviluppatori AI sotto attacco
  • LAPSUS$ rivendica data breach di AstraZeneca: codice sorgente, chiavi cloud e dati interni in vendita sul Dark Web
  • Il Giappone autorizza l'”Hack Back”: da ottobre 2026 Tokyo potrà colpire i cyber-attaccanti
• 吾爱破解论坛
  • AIDA64 8.25.8200 Business 逆向工程与Keygen实战
• SANS Internet Storm Center, InfoCON: green
  • TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)
  • ISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866, (Thu, Mar 26th)
• Have I Been Pwned latest breaches
  • Scuf Gaming - 128,683 breached accounts
  • Sound Radix - 292,993 breached accounts
• Schneier on Security
  • As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
• The Hacker News
  • China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
  • [Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
  • Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
  • Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
  • ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
  • Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks
  • WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
• Trend Micro Research, News and Perspectives
  • Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities
  • Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise
• TorrentFreak
  • Spotify and Labels Seek $322 Million Default Judgment Against Anna’s Archive
• The Register - Security
  • Brit lawmaker targeted by AI deepfake fails to get answers from US Big Tech
  • UK wants to know if banning under-16s from social media does anything useful
  • Indian government probes CCTV espionage operation linked to Pakistan
• Security Affairs
  • U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog
  • Coruna exploit reveals evolution of Triangulation iOS exploitation framework
  • Researchers uncover WebRTC skimmer bypassing traditional defenses
  • Russian authorities arrest alleged LeakBase admin behind stolen data marketplace
• 熵减矩阵
  • NVIDIA 对 Agent 安全问题交出的答卷：OpenShell 深度架构分析
• Deep Web
  • Epstein
• Tor Project blog
  • New Release: Tails 7.6
• Computer Forensics
  • How are we pulling iMessages from iCloud?
  • Forensic audit on ex-admin: How to track unauthorized file copying and lateral movement?
  • Champlain MS in Digital Forensic Science vs. MS in Digital Forensic Analytics
• Your Open Hacker Community
  • getting sims saves off a locked computer
  • Deceased friend help please he was smart
  • What is the most profitable thing in hacking without the need to be a NSA level hacker?
• Blackhat Library: Hacking techniques and research
  • Guys just poll it
  • YC demo day had 196 startups… nobody’s talking about the security side of all this
• Information Security
  • Meet LeakNet - the ransomware group that gets you to hack yourself
  • Detection Engineers/SOC Analysts: Wondering about what was the most useful thing you guys found that really helped to bridge the gap in terms of the lack of context in order to fine tune the alert more easily. -or claim as False Positive quickly-
  • Participants needed for university research on deepfake detection (18+, Computing Related Fields, 8–10 min)
  • Risk Justification Engine - Is this a framework engine that would help CISOS
  • Risk Justification Engine - Is this a Frame that help with politics flow
  • How a single unpatched Go dependency almost cost us a SOC 2 certification
• netsecstudents: Subreddit for students studying Network Security and its related subjects
  • can you guys pls explain to me how email account get hacked and what to do after?
  • Shadow AI is outpacing IT’s ability to track it, and the real issue isn’t security
  • This might sound cheesy, but does anyone know of a community/group I could join focused on netsec?
  • Looking for a beginner learning partner in cybersecurity
  • Made a CTF from a server I actually had in production — 10 routes, AI coach optional
• Technical Information Security Content & Discussion
  • Making NTLM-Relaying Relevant Again by Attacking Web Servers with WebRelayX
  • Disabling Security Features in a Locked BIOS
  • Magento PolyShell – Unauthenticated File Upload to RCE in Magento (APSB25-94)
  • Dangerous by Default: What OpenClaw CVE Record Tells Us About Agentic AI
  • Common Entra ID Security Assessment Findings – Part 1: Foreign Enterprise Applications With Privileged API Permissions
  • Exploiting AQL Injection Vulnerabilities in ArangoDB
  • What I Learned from a $2,000 Pen Test
  • LiteLLM malware supply chain attack analysis (pt-BR only, sorry)
• GRAHAM CLULEY
  • Smashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfie
• Deeplinks
  • Traffic Violation! License Plate Reader Mission Creep Is Already Here
  • Supreme Court Agrees With EFF: ISPs Don't Have To Be Copyright Enforcers
• Security Weekly Podcast Network (Audio)
  • Scanning The Internet with Linux Tools - PSW #919

[zhaog100]

/attempt

[zhaog100]

/attempt