# Daily Security News (2026-03-12)

- Private Feed for M09Ic
  - [ ] [github released v0.2.1 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.2.1)
  - [ ] [bolucat released 202603112007 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202603112007)
  - [ ] [mgeeky starred anmolksachan/AI-ML-Free-Resources-for-Security-and-Prompt-Injection](https://github.com/anmolksachan/AI-ML-Free-Resources-for-Security-and-Prompt-Injection)
  - [ ] [strands-agents released v1.30.0 at strands-agents/sdk-python](https://github.com/strands-agents/sdk-python/releases/tag/v1.30.0)
  - [ ] [anthropics released v2.1.73 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.73)
  - [ ] [zeroclaw-labs released v0.1.7-beta.30 at zeroclaw-labs/zeroclaw](https://github.com/zeroclaw-labs/zeroclaw/releases/tag/v0.1.7-beta.30)
  - [ ] [lz520520 starred oxfemale/CVE-2026-20817](https://github.com/oxfemale/CVE-2026-20817)
  - [ ] [liamg starred infracost/agent-skills](https://github.com/infracost/agent-skills)
  - [ ] [jar-analyzer released 5.16 at jar-analyzer/jar-analyzer](https://github.com/jar-analyzer/jar-analyzer/releases/tag/5.16)
  - [ ] [Mr-xn starred tanweai/pua](https://github.com/tanweai/pua)
  - [ ] [mgeeky starred soufianetahiri/dnspy-mcp](https://github.com/soufianetahiri/dnspy-mcp)
  - [ ] [LoRexxar starred upstash/context7](https://github.com/upstash/context7)
  - [ ] [Ridter starred P4nda0s/reverse-skills](https://github.com/P4nda0s/reverse-skills)
  - [ ] [Mel0day starred larksuite/openclaw-lark](https://github.com/larksuite/openclaw-lark)
  - [ ] [PrefectHQ released 3.6.22.dev7 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.6.22.dev7)
  - [ ] [zema1 starred Wei-Shaw/sub2api](https://github.com/Wei-Shaw/sub2api)
  - [ ] [niudaii starred HKUDS/CLI-Anything](https://github.com/HKUDS/CLI-Anything)
  - [ ] [CHYbeta starred photon-hq/qclaw-wechat-client](https://github.com/photon-hq/qclaw-wechat-client)
  - [ ] [timwhitez starred
    Eric-Ant/SelfInjectPE](https://github.com/Eric-Ant/SelfInjectPE)
  - [ ] [wh0amitz starred koala73/worldmonitor](https://github.com/koala73/worldmonitor)
  - [ ] [pmiaowu starred trailofbits/skills](https://github.com/trailofbits/skills)
  - [ ] [gh0stkey starred netease-youdao/LobsterAI](https://github.com/netease-youdao/LobsterAI)
  - [ ] [future-architect released v0.38.6 at future-architect/vuls](https://github.com/future-architect/vuls/releases/tag/v0.38.6)
- 安全客-有思想的安全新媒体
  - [ ] [Spy in the sidebar: fake AI browser extensions steal data of 900,000 users](https://www.anquanke.com/post/id/315092)
  - [ ] [Kubernetes security alert: Ingress-Nginx injection vulnerability can leak secrets cluster-wide](https://www.anquanke.com/post/id/315095)
  - [ ] [High-severity vulnerability in Budibase can fully expose production secrets](https://www.anquanke.com/post/id/315099)
  - [ ] [Radware launches Alteon Protect for cloud-grade ADC application security](https://www.anquanke.com/post/id/315102)
  - [ ] [Researchers build AI agent that can carry out scam calls fully automatically](https://www.anquanke.com/post/id/315106)
  - [ ] [Hackers use Microsoft Teams to trick employees into granting remote access](https://www.anquanke.com/post/id/315110)
  - [ ] [Microsoft launches 365 E5 upgrade suite and Agent 365 AI governance platform](https://www.anquanke.com/post/id/315113)
  - [ ] [GhostClaw poses as OpenClaw to steal data from developer devices](https://www.anquanke.com/post/id/315116)
  - [ ] [OpenAI brings security startup into its core architecture to strengthen AI security](https://www.anquanke.com/post/id/315124)
  - [ ] [SAP releases important security updates fixing high-severity remote code execution vulnerabilities](https://www.anquanke.com/post/id/315127)
  - [ ] [科技云报到: From Beijing to Inner Mongolia, the secret behind the three-year “digital migration” of Lenovo's xCloud intelligent cloud](https://www.anquanke.com/post/id/315090)
- LoRexxar's Blog | 信息技术分享
  - [ ] [Re0(2) - Why exactly did OpenClaw blow up?](https://lorexxar.cn/2026/03/11/reai2/)
- SecWiki News
  - [ ] [SecWiki News 2026-03-11 Review](http://www.sec-wiki.com/?2026-03-11)
- Tenable Blog
  - [ ] [Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury](https://www.tenable.com/blog/cyber-retaliation-analyzing-iranian-cyber-activity-following-operation-epic-fury)
- Microsoft Security Blog
  - [ ] [Contagious Interview: Malware delivered through fake developer job
    interviews](https://www.microsoft.com/en-us/security/blog/2026/03/11/contagious-interview-malware-delivered-through-fake-developer-job-interviews/)
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  - [ ] [Wormable XMRig mining attack uses BYOVD vulnerability to evade detection](https://www.4hou.com/posts/kgyK)
- Darknet – Hacking Tools, Hacker News & Cyber Security
  - [ ] [Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry](https://www.darknet.org.uk/2026/03/credential-stuffing-in-2025-how-combolists-infostealers-and-account-takeover-became-an-industry/)
- Recent Commits to cve:main
  - [ ] [Update Wed Mar 11 11:22:08 UTC 2026](https://github.com/trickest/cve/commit/5f96217929faf8795163e699a0f6f6856fe0eda2)
- paper - Last paper
  - [ ] [Image-based prompt injection: hijacking multimodal large language models through visually embedded adversarial instructions](https://paper.seebug.org/3471/)
- Bug Bounty in InfoSec Write-ups on Medium
  - [ ] [PostMessage Misconfiguration + AI Prompt Injection + Sandbox Escape = XSS & Data Exfiltration](https://infosecwriteups.com/postmessage-misconfiguration-ai-prompt-injection-sandbox-escape-xss-data-exfiltration-d1d29821a2de?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [Turning Directory Data into Domain Access](https://infosecwriteups.com/%EF%B8%8Fturning-directory-data-into-domain-access-74ce70eed60e?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [XSS Bypass to Zero Click Account Takeover in AI Chatbot](https://infosecwriteups.com/xss-bypass-to-zero-click-account-takeover-in-ai-chatbot-a19acee8266f?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [Citrix Bleed: How a Single Bug Leaked Corporate Secrets (CVE-2023–4966)](https://infosecwriteups.com/citrix-bleed-how-a-single-bug-leaked-corporate-secrets-cve-2023-4966-45e9c6fbe9f6?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [Zomato Privacy Flaw: How the ‘Friend Recommendations’ Feature Enables Location Stalking](https://infosecwriteups.com/how-a-zomato-feature-enables-stalking-which-they-call-working-as-intended-4372ccf56a77?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [I Found a Bug That
    Exposed Private Instagram Posts to Anyone.](https://infosecwriteups.com/i-found-a-bug-that-exposed-private-instagram-posts-to-anyone-eebb7923f7e3?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [Chaining the Boredom: How a Quiet Weekday Led to a Full Database Heist](https://infosecwriteups.com/chaining-the-boredom-how-a-quiet-weekday-led-to-a-full-database-heist-a680a77a533e?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [Hackviser — Cryptanalysis walkthrough](https://infosecwriteups.com/hackviser-cryptanalysis-walkthrough-19b291173d00?source=rss----7b722bfd1b8d--bug_bounty)
- GuidePoint Security
  - [ ] [Modernizing Identity Security: Why You Still Need AD in a Cloud-First World](https://www.guidepointsecurity.com/blog/modernizing-identity-security-why-you-need-ad-in-cloud/)
- Didier Stevens
  - [ ] [Update: zipdump.py Version 0.0.34](https://blog.didierstevens.com/2026/03/11/update-zipdump-py-version-0-0-34/)
  - [ ] [Update: pecheck.py Version 0.7.20](https://blog.didierstevens.com/2026/03/11/update-pecheck-py-version-0-7-20/)
- The Trail of Bits Blog
  - [ ] [Six mistakes in ERC-4337 smart accounts](https://blog.trailofbits.com/2026/03/11/six-mistakes-in-erc-4337-smart-accounts/)
- Horizon3.ai
  - [ ] [From Patch Tuesday to Pentest Wednesday®: A University’s Journey to Measure Blast Radius](https://horizon3.ai/intelligence/blogs/pw_measure-blast-radius/)
- PortSwigger Blog
  - [ ] [PortSwigger X Intigriti: Burp Suite Professional licenses up for grabs with this new collaboration](https://portswigger.net/blog/portswigger-x-intigriti-burp-suite-professional-licenses-up-for-grabs-with-this-new-collaboration)
- Malwarebytes
  - [ ] [Phishers hide scam links with IPv6 trick in “free toothbrush” emails](https://www.malwarebytes.com/blog/scams/2026/03/phishers-hide-scam-links-with-ipv6-trick-in-free-toothbrush-emails)
  - [ ] [Sextortion “I recorded you” emails reuse passwords found in disposable
    inboxes](https://www.malwarebytes.com/blog/news/2026/03/sextortion-i-recorded-you-emails-reuse-passwords-found-in-disposable-inboxes)
  - [ ] [Watch out for tax-season robocalls pushing fake “relief programs”](https://www.malwarebytes.com/blog/threat-intel/2026/03/watch-out-for-tax-season-robocalls-pushing-fake-relief-programs)
  - [ ] [March 2026 Patch Tuesday fixes two zero-day vulnerabilities](https://www.malwarebytes.com/blog/news/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities)
- Intigriti
  - [ ] [Intigriti collaborates with PortSwigger to support ethical hacking excellence](https://www.intigriti.com/blog/news/intigriti-collaborates-with-portswigger-to-support-ethical-hacking-excellence)
- Hacking Dream
  - [ ] [AI Penetration Testing: A Complete Guide to AI Red Teaming, Agentic AI and LLM Security](https://www.hackingdream.net/2026/03/ai-penetration-testing-complete-guide-to-ai-red-teaming.html)
- daniel.haxx.se
  - [ ] [curl 8.19.0](https://daniel.haxx.se/blog/2026/03/11/curl-8-19-0/)
- Offensive Security Blog: Latest Trends in Hacking | Praetorian
  - [ ] [When Proxies Become the Attack Vectors in Web Architectures](https://www.praetorian.com/blog/reverse-proxy-header-attacks/)
- Black Hills Information Security, Inc.
  - [ ] [Understanding GRC: How to Navigate Risks and Compliance Standards](https://www.blackhillsinfosec.com/understanding-grc/)
- 奇客Solidot–传递最新科技情报
  - [ ] [5,863 games earned more than $100,000 on Steam last year](https://www.solidot.org/story?sid=83743)
  - [ ] [Scientists restore activity in a frozen mouse brain for the first time](https://www.solidot.org/story?sid=83742)
  - [ ] [FreeBSD 14.4-RELEASE released](https://www.solidot.org/story?sid=83741)
  - [ ] [Debian decides not to rule on AI code](https://www.solidot.org/story?sid=83740)
  - [ ] [Mathematics is undergoing a historic transformation](https://www.solidot.org/story?sid=83739)
  - [ ] [Several Asian countries order civil servants to work from home to save fuel](https://www.solidot.org/story?sid=83738)
  - [ ] [Amazon requires senior engineers to approve AI-assisted code changes](https://www.solidot.org/story?sid=83737)
  - [ ] [Turing Award winner Tony Hoare dies at 92](https://www.solidot.org/story?sid=83736)
  - [ ] [EQT considers selling SUSE](https://www.solidot.org/story?sid=83735)
  - [ ] [Ig Nobel Prize ceremony to be held in Europe over safety concerns](https://www.solidot.org/story?sid=83734)
- 安全分析与研究
  - [ ] [Sample analysis of the Silver Fox cybercrime group's globalization strategy](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247495888&idx=1&sn=53aeeb00c5db43f5fbad1e3c014731ca)
- 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  - [ ] [Uber reaches agreement with Amazon's self-driving company Zoox](https://blog.upx8.com/%E4%BC%98%E6%AD%A5%E4%B8%8E%E4%BA%9A%E9%A9%AC%E9%80%8A%E7%9A%84%E8%87%AA%E5%8A%A8%E9%A9%BE%E9%A9%B6%E5%85%AC%E5%8F%B8Zoox%E8%BE%BE%E6%88%90%E5%8D%8F%E8%AE%AE)
  - [ ] [Nvidia invests in NEBIUS to support its deployment of compute capacity](https://blog.upx8.com/%E8%8B%B1%E4%BC%9F%E8%BE%BE%E5%90%91NEBIUS%E6%8A%95%E8%B5%84%E4%BB%A5%E6%94%AF%E6%8C%81%E5%85%B6%E9%83%A8%E7%BD%B2%E7%AE%97%E5%8A%9B%E5%AE%B9%E9%87%8F)
- 黑鸟
  - [ ] [Zombie ZIP malformed-archive technique can bypass the vast majority of antivirus engines](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451185708&idx=1&sn=55eb12a156d58b3f42b71a470accb94a)
- 看雪学苑
  - [ ] [Linux Netfilter anonymous set UAF vulnerability (CVE-2023-32233): reproduction and exploitation analysis](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458612011&idx=1&sn=128b33964750a5d037c8e6e5bdd61483)
  - [ ] [问境AIST debut | Governing AI with AI: 悬镜 launches its original multimodal AIST product](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458612011&idx=2&sn=86f52dfce91bc5c8125a30ba96608633)
  - [ ]
    [New BeatBanker Android malware poses as Starlink app, steals funds and uses device compute for mining](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458612011&idx=3&sn=e8c8d277afdcd2d36c9540e0bdd54c66)
  - [ ] [Spring 2026 enrollment open | System 0day Security: IoT device vulnerability hunting (6th session)](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458612011&idx=4&sn=4ef13d019b611249d05604179064f5c9)
- 代码卫士
  - [ ] [Notable vulnerabilities in Microsoft's March Patch Tuesday](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525382&idx=1&sn=a2fde96ec371ca6512bbfc25b9f18f99)
  - [ ] [HPE: critical AOS-CX vulnerability can lead to admin password reset](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525382&idx=2&sn=06b4525563ab07cf6f52031e2bfe2464)
- 丁爸 情报分析师的工具箱
  - [ ] [Intelligence analysis: Is Israeli Prime Minister Netanyahu dead?](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651154766&idx=1&sn=92d6302fe122096ef1a0df9cf193842e)
- 奇安信威胁情报中心
  - [ ] [Beware the “lobster” turning into a “poisonous scorpion”: the “lobster” you picked up on GitHub may be poisoned!](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247517919&idx=1&sn=671ef71f8b265d9986808afd496797e9)
- Flanker论安全
  - [ ] [Do enterprises really need OpenClaw?](https://mp.weixin.qq.com/s?__biz=MzI3ODI4NDM2MA==&mid=2247484045&idx=1&sn=1a357e19e0233e7841fffa22bf193150)
- 奇安信 CERT
  - [ ] [Risk advisory on security vulnerabilities in multiple products for Microsoft's March Patch Tuesday: 5 critical vulnerabilities, 6 important vulnerabilities](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247504728&idx=1&sn=05337017aead9b7f6854278892acf8c0)
- 安全客
  - [ ] [Claude Opus 4.6 finds 22 security vulnerabilities in Firefox, a key breakthrough for autonomous AI vulnerability research](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649789731&idx=1&sn=20e4f6c24d62417dc43d53e241c10d0c)
- 信安之路
  - [ ] [In just 1 hour, the first Tencent ultra-low-severity vulnerability was confirmed!!!](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247500383&idx=1&sn=5a555f31730386c319e15e55b153cccb)
- 安全内参
  - [ ] [McKinsey AI assistant compromised by red-team AI: nearly 50 million chat records freely accessible, involving massive amounts of confidential client data](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515662&idx=1&sn=da8c2dc81017a413362c5e32f3ce20a6)
  - [ ] [CNCERT: risk notice on the secure use of OpenClaw](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515662&idx=2&sn=739aad7f90664037d4e16f51465f6c8b)
- 黑哥虾撩
  - [ ] [Capturing Coruna samples with Zoomeye and AiPy](https://mp.weixin.qq.com/s?__biz=Mzg5OTU1NTEwMg==&mid=2247484497&idx=1&sn=0b609734e0cd791e816729101d7208ea)
- 中国信息安全
  - [ ]
    [Li Yan: a look at technology security policy in Trump's second term](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260053&idx=1&sn=37b098ddd7d22e68b1d06501c54eba5d)
  - [ ] [Notice | The national cybersecurity standardization committee (网安标委) issues plans for 16 recommended national cybersecurity standards](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260053&idx=2&sn=2f5d5170c56085ce21bdc294fdf26c16)
  - [ ] [Attention | New batch of overseas malicious URLs and malicious IPs to guard against published!](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260053&idx=3&sn=477d45d73d6941588a165559600da6ba)
  - [ ] [Opinion | How to build a solid line of defense for personal information protection in the era of generative AI](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260053&idx=4&sn=1c70ee4a4a9450c410a732ba798e7641)
- Wallarm
  - [ ] [Agent-to-Agent Attacks Are Coming: What API Security Teaches Us About Securing AI Systems](https://lab.wallarm.com/agent-to-agent-attacks-api-security-ai-systems/)
- XCTF联赛
  - [ ] [SUCTF 2026 | 3 days to go!](https://mp.weixin.qq.com/s?__biz=MjM5NDU3MjExNw==&mid=2247516185&idx=1&sn=c5fc7125e6ec0ec41d8aa2c1f002b741)
- 天黑说嘿话
  - [ ] [Raising a lobster that costs no tokens with OpenClaw + Ollama + Qwen 7B](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247486022&idx=1&sn=e4508131a40e3e606a3651d4e53cac4f)
- 安全牛
  - [ ] [58% of CISOs believe their organizations cannot withstand cyberattacks! Four core challenges hold back security agendas](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140699&idx=1&sn=ab2d3c6d899230fcb7116a7405be6b06)
  - [ ] [CNNVD reports multiple OpenClaw security vulnerabilities; 问境AIST debut | Governing AI with AI: 悬镜 launches its original multimodal AIST product | 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140699&idx=2&sn=0d2eda037d3d1cb7a6c0bf7b91b91e55)
- 微步在线
  - [ ] [OpenClaw installed a trojan on my machine](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650185589&idx=1&sn=34bdfa68978e662597732051606e48e7)
- 信息安全国家工程研究中心
  - [ ] [Security risk notice on the OpenClaw “lobster”](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247503110&idx=1&sn=12598de673eb309c929d2ec95b6cacb9)
- 天御攻防实验室
  - [ ] [Does the US National Security Agency have a plan B for Iran's internet shutdown?](https://mp.weixin.qq.com/s?__biz=MzU0MzgyMzM2Nw==&mid=2247486789&idx=1&sn=ec5b47c11208c5418ca57ccca258489e)
- 安全圈
  - [ ] [【安全圈】Classical Chinese breaks through LLM safety defenses: top models fail across the board](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074602&idx=1&sn=71541cba8e88493809b1ead0467372e1)
  - [ ] [【安全圈】Windows system-level vulnerability for sale: asking price over 1.5 million yuan! Grants system-level privileges](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074602&idx=2&sn=a2631a48700407c06cf33e85949c71f4)
  - [ ] [【安全圈】New ClickFix attacks surge 500%: fake CAPTCHAs trick Mac users into running malicious code](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074602&idx=3&sn=ade2e5b7f2961b4a3f5082131d35b995)
- 嘶吼专业版
  - [ ] [Wormable XMRig mining attack uses BYOVD vulnerability to evade detection](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247587063&idx=1&sn=cb86147fd9dc9a1ad5ff055ffc99b99c)
  - [ ] [China National Vulnerability Database of Information Security (CNNVD) important vulnerability notice | Notification of important AI security vulnerabilities: multiple OpenClaw security vulnerabilities](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247587063&idx=2&sn=548c42597bf635c81fecc50d8c4233c4)
- 火绒安全
  - [ ] [Microsoft vulnerability advisory, 2026-03](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531349&idx=1&sn=14642cabd26f7b318d2d7ea7af1a740c)
  - [ ] [Huorong Q&A: common malicious URL blocking in the “Personal Edition”](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531349&idx=2&sn=da836fbd47c7987a9ecdffdd22119c6b)
  - [ ] [Inviting channel partners to embark on a new journey together](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531349&idx=3&sn=3c9e28e4ca80085f84b0894e71ad0979)
- 国家互联网应急中心CNCERT
  - [ ] [Cybersecurity Information and Trends Weekly Report, 2026 Issue 10 (March 2 to March 8)](https://mp.weixin.qq.com/s?__biz=MzIwNDk0MDgxMw==&mid=2247501324&idx=1&sn=c244a3b5001b61169c244535fdf291c4)
- 深信服千里目安全技术中心
  - [ ] [Microsoft Patch Tuesday security advisory | March](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525133&idx=1&sn=c0aab765fd3665eb5adf460a40f6127a)
  - [ ] [Cybersecurity Information and Trends Weekly Report, 2026 Issue 10 (March 2 to March 8)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525133&idx=2&sn=659712b3bf135398588145c627a90d09)
- 360数字安全
  - [ ] [As authorities repeatedly issue “lobster” risk warnings, 360 releases the internet's first OpenClaw secure deployment guide](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585345&idx=1&sn=6bca830a425e9bd0f19070cd31c6fc4a)
- 唯品会安全应急响应中心
  - [ ] [VSRC spring refresh party](https://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&mid=2652281749&idx=1&sn=dca93572f07ee3c916fb37e69a55c75e)
- 迪哥讲事
  - [ ] [Electronic pet “lobster” (OpenClaw 🦞): reproducing covert-photography and secret-stealing vulnerabilities](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499179&idx=1&sn=48d5e01246f8f8373e621116b105b6fa)
- 数世咨询
  - [ ] [问境 AIST debut: 悬镜 governs AI with AI, launching an original multimodal AI-native security product](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541983&idx=1&sn=1c5f5c196035c3d4a6524442887b75bf)
  - [ ] [The notice is here | Multiple OpenClaw security vulnerabilities reported by the China National Vulnerability Database of Information Security (CNNVD)](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541983&idx=2&sn=bd87a1eb329980db1484710200628d54)
- 威努特安全网络
  - [ ] [Dalian municipal government and enterprise leaders visit 威努特 for inspection and exchange](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651140544&idx=1&sn=f234d33179a2998af871463f150f24af)
- 安全行者老霍
  - [ ] [From a ChatGPT oversight to full GitHub access: the attack path no one noticed](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486047&idx=1&sn=5b41063e80fe22300a7aaf896c9b832b)
- 极客公园
  - [ ] [Alibaba's AI strategy revisited: exploring and building the road at the same time, rolling forward, integrating with the world](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100745&idx=1&sn=5be05abfa0f945f99cee2d144a9fe3fb)
  - [ ] [A conversation with Liu Ye: OpenClaw is only the “hands and feet”; we need to go from “digital employees” to “digital organizations”, from “building soldiers” to “deploying formations”](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100737&idx=1&sn=0180b7074e4f681245b396f3208c5ddf)
  - [ ] [Xiaohongshu: strict crackdown on AI-managed accounts; Meta acquires “lobster social” site Moltbook; Nvidia's Jensen Huang publishes long essay defining the “five-layer structure of AI” | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100714&idx=1&sn=c67d151c07c69333a904a078714c2f42)
- 枇杷熟了
  - [ ] [枇杷熟了 - Global Cybersecurity Daily 2026-03-11](https://mp.weixin.qq.com/s?__biz=MzU0MzkzOTYzOQ==&mid=2247489950&idx=1&sn=baa21390ac889cabacbca8e3f648e036)
- 阿里安全响应中心
  - [ ] [王牌A计划 | January monthly rewards](https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652998647&idx=1&sn=75a48ac17dc098117f3f907fe834ced2)
- 纽创信安
  - [ ] [Hardcore collaboration! OSR×ETAS integrated HSM solution builds a solid security foundation for domestic chips](https://mp.weixin.qq.com/s?__biz=MzAwNTczMjAzMg==&mid=2650240915&idx=1&sn=5d100d73f1c311c8582400597040f230)
- 情报分析师
  - [ ] [137 AI projects, dark web portals and deepfakes: how US and Western intelligence agencies use AI to "hunt" spies worldwide](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567031&idx=1&sn=f88849e4b4516b42bc66071d2fb6aea9)
- 慢雾科技
  - [ ] [Comprehensive security solution for AI and Web3 agents](https://mp.weixin.qq.com/s?__biz=MzU4ODQ3NTM2OA==&mid=2247504418&idx=1&sn=5b2e03843a623b955d80e596b8c1ccae)
- Over Security - Cybersecurity news aggregator
  - [ ] [Clusit Report 2026: the impact of cyberattacks grows, but so do the difficulties of analysis](https://www.cybersecurity360.it/news/rapporto-clusit-cresce-limpatto-degli-attacchi-cyber-ma-anche-le-difficolta-di-analisi/)
  - [ ] [DirectX, OpenFOAM, Libbiosig vulnerabilities](https://blog.talosintelligence.com/directx-openfoam-libbiosig-vulnerabilities/)
  - [ ] [WhatsApp introduces parent-managed accounts for pre-teens](https://www.bleepingcomputer.com/news/security/whatsapp-introduces-parent-managed-accounts-for-pre-teens/)
  - [ ] [SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites](https://www.bleepingcomputer.com/news/security/sqli-flaw-in-elementor-ally-plugin-impacts-250k-plus-wordpress-sites/)
  - [ ] [Pro-Iran hacktivist group says it is behind attack on medical tech giant Stryker](https://techcrunch.com/2026/03/11/stryker-hack-pro-iran-hacktivist-group-handala-says-it-is-behind-attack/)
  - [ ] [Medical device giant Stryker confirms cyberattack as employees say devices were wiped](https://therecord.media/stryker-cyberattack-iran-hackers)
  - [ ] [CISA orders feds to patch n8n RCE flaw exploited in attacks](https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-n8n-rce-flaw-exploited-in-attacks/)
  - [ ] [Hacker broke into FBI and compromised Epstein files, report says](https://techcrunch.com/2026/03/11/hacker-broke-into-fbi-and-compromised-epstein-files-report-says/)
  - [ ] [Medtech giant Stryker offline after Iran-linked wiper malware attack](https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-offline-after-iran-linked-wiper-malware-attack/)
  - [ ] [From door-to-door to the fine: Acea Energia pays 2 million euros for GDPR violations](https://www.cybersecurity360.it/news/dal-porta-a-porta-alla-sanzione-acea-energia-paga-2-milioni-di-euro-per-violazioni-gdpr/)
  - [ ] [New PhantomRaven NPM attack wave steals dev data via 88 packages](https://www.bleepingcomputer.com/news/security/new-phantomraven-npm-attack-wave-steals-dev-data-via-88-packages/)
  - [ ] [From Vishing to the Domain Controller](https://www.certego.net/blog/dal-vishing-al-domain-controller-kill-chain-di-un-attacco-iniziato-via-microsoft-teams/)
  - [ ] [Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker](https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/)
  - [ ] [Web Filtering](https://roccosicilia.com/2026/03/11/web-filtering/)
  - [ ] [Iran-linked hackers claim cyberattack on Albania’s parliament email systems](https://therecord.media/iran-linked-hackers-claim-cyberattack-albania-parliament)
  - [ ] [Navigating 2026’s Converged Threats: Insights from Flashpoint’s Global Threat Intelligence Report](https://flashpoint.io/blog/global-threat-intelligence-report-2026/)
  - [ ] [Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools](https://www.bleepingcomputer.com/news/security/meta-adds-new-whatsapp-facebook-and-messenger-anti-scam-tools/)
  - [ ] [235,000 affected by cyberattack on largest ambulance provider in Wisconsin](https://therecord.media/235000-affected-cyberattack-ambulance-provider)
  - [ ] [Iranian influence operation using fake personas to deceive US Instagram users disrupted, Meta says](https://therecord.media/iran-instagram-influence-operation-disrupted)
  - [ ] [Meta says it culled millions of scam ads amid accusations that it profits from them](https://therecord.media/meta-scam-advertising-crackdown)
  - [ ] [Microsoft updates: two zero-days fixed, along with the first vulnerability discovered by AI](https://www.cybersecurity360.it/nuove-minacce/aggiornamenti-microsoft-corrette-due-zero-day-e-la-prima-vulnerabilita-scoperta-dallia/)
  - [ ] [EasyPark phishing: the brand exploited to steal payment data and identity documents](https://www.d3lab.net/phishing-easypark-il-brand-sfruttato-per-sottrarre-dati-di-pagamento-e-documenti-di-identita/)
  - [ ] [All the threats of 2025 and the defense priorities for the new year](https://www.cybersecurity360.it/outlook/tutte-le-minacce-del-2025-e-le-priorita-di-difesa-nel-nuovo-anno/)
  - [ ] [Spinning complex ideas into clear docs with Kri Dontje](https://blog.talosintelligence.com/spinning-complex-ideas-into-clear-docs-with-kri-dontje/)
  - [ ] [Agentic AI security: Why you need to know about autonomous agents now](https://blog.talosintelligence.com/agentic-ai-security-why-you-need-to-know-about-autonomous-agents-now/)
  - [ ] [Microsoft Patch Tuesday March 2026: Two Zero-Days and Critical RCE Bugs Fixed](https://thecyberexpress.com/microsoft-patch-tuesday-march-2026/)
  - [ ] [Finland Warns Russia and China Cyber Espionage Ops Targeting Tech Sector](https://thecyberexpress.com/russia-and-china-cyberespionage-finland/)
  - [ ] [Iran has begun its cyber counter-war: from DDoS to sabotage, here is what you need to know](https://www.cybersecurity360.it/nuove-minacce/liran-ha-cominciato-la-contro-guerra-cyber-dai-ddos-ai-sabotaggi-ecco-cosa-bisogna-sapere/)
  - [ ] [FBI Flags Phishing Campaign Collecting Planning and Zoning Permit Payments](https://thecyberexpress.com/planning-and-zoning-permit-phishing-scam/)
  - [ ] [Iran’s Fake “Shelter Danger” Calls Part of Psychological Cyber Warfare Playbook](https://thecyberexpress.com/irans-psychological-cyber-warfare-playbook/)
  - [ ] [Microsoft Patch Tuesday, March 2026 Edition](https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/)
  - [ ] [Handala and the release of strategic information regarding Israeli organizations](https://deepdarkcti.com/handala-and-the-release-of-strategic-information-regarding-israeli-organizations/)
- 京东安全应急响应中心
  - [ ] [“神医” expert-level intelligent security assistant: one-click inspection and repair of code vulnerabilities](https://mp.weixin.qq.com/s?__biz=MjM5OTk2MTMxOQ==&mid=2727850621&idx=1&sn=c3ccebaef5ebc17b93ed89b7319a792d)
- Krypt3ia
  - [ ] [Threat Intelligence Analysis Report: Iranian cyber actor capabilities and likely asymmetric retaliation scenarios against U.S.
    interests](https://krypt3ia.wordpress.com/2026/03/11/threat-intelligence-analysis-report/)
- Arturo Di Corinto
  - [ ] [A short digital security handbook for journalists and activists](https://dicorinto.it/formazione/manualetto-di-sicurezza-digitale-per-giornalisti-e-attivisti-2/)
- bellingcat
  - [ ] [Tracing Tomahawks: US Missiles Bound for Iran Spotted Over Iraq](https://www.bellingcat.com/news/middle-east/2026/03/11/iran-war-iraq-tomahawks-munitions-syria-located-kurdistan-missiles-fired/)
- LR的安全自留地
  - [ ] [Re0(2) - Why exactly did OpenClaw blow up?](https://mp.weixin.qq.com/s?__biz=MzkwNzMyNjU0MQ==&mid=2247484294&idx=1&sn=f30a13b9d7cbe2d646fba138db662f89)
- 悬镜安全
  - [ ] [问境AIST debut | Governing AI with AI: 悬镜 launches its original multimodal AIST product](https://mp.weixin.qq.com/s?__biz=MzA3NzE2ODk1Mg==&mid=2647798623&idx=1&sn=6a34afc9df56d9ad01bc1e1683eb9634)
- Securityinfo.it
  - [ ] [Clusit Report 2026: cyberattacks grow by 49%](https://www.securityinfo.it/2026/03/11/rapporto-clusit-2026-gli-attacchi-cyber-crescono-del-49/?utm_source=rss&utm_medium=rss&utm_campaign=rapporto-clusit-2026-gli-attacchi-cyber-crescono-del-49)
- ICT Security Magazine
  - [ ] [Autonomous AI jailbreak: reasoning models as a new threat to the security of intelligent systems](https://www.ictsecuritymagazine.com/articoli/jailbreak-ai/)
  - [ ] [Cybercrime in the healthcare sector: ransomware threats and protection of health data](https://www.ictsecuritymagazine.com/articoli/cybercriminalita-dati-sanitari/)
- SANS Internet Storm Center, InfoCON: green
  - [ ] [Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)](https://isc.sans.edu/diary/rss/32786)
  - [ ] [ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)](https://isc.sans.edu/diary/rss/32784)
- Schneier on Security
  - [ ] [Canada Needs Nationalized, Public AI](https://www.schneier.com/blog/archives/2026/03/canada-needs-nationalized-public-ai.html)
- 赛博昆仑CERT
  - [ ]
    [Patch Tuesday express: Microsoft Patch Tuesday security risk advisory, March 2026](https://mp.weixin.qq.com/s?__biz=MzkxMDQyMTIzMA==&mid=2247484997&idx=1&sn=2f619c3f29fd2e1d7e176e77facd4b8e)
- 绿盟科技技术博客
  - [ ] [With all kinds of Claws emerging one after another, has your lobster also become a “hacker's insider”?](https://blog.nsfocus.net/%e5%90%84%e7%a7%8dclaw%e5%b1%82%e5%87%ba%e4%b8%8d%e7%a9%b7%ef%bc%8c%e4%bd%a0%e7%9a%84%e9%be%99%e8%99%be%e6%98%af%e5%90%a6%e4%b9%9f%e5%b7%b2%e6%b2%a6%e4%b8%ba%e9%bb%91%e5%ae%a2%e5%86%85/)
  - [ ] [Critical infrastructure security pain points stand out: how can camera security break through?](https://blog.nsfocus.net/%e5%85%b3%e9%94%ae%e5%9f%ba%e7%a1%80%e8%ae%be%e6%96%bd%e5%ae%89%e5%85%a8%e7%97%9b%e7%82%b9%e5%87%b8%e6%98%be%ef%bc%8c%e6%91%84%e5%83%8f%e5%a4%b4%e5%ae%89%e5%85%a8%e5%a6%82%e4%bd%95%e7%a0%b4%e5%b1%80/)
- Tor Project blog
  - [ ] [New Alpha Release: Tor Browser 16.0a4](https://blog.torproject.org/new-alpha-release-tor-browser-160a4/)
- The Register - Security
  - [ ] [Iran plots 'infrastructure warfare' against US tech giants](https://go.theregister.com/feed/www.theregister.com/2026/03/11/iran_threatens_us_tech_companies/)
  - [ ] [Iran-linked cyber crew says they hit US med-tech firm](https://go.theregister.com/feed/www.theregister.com/2026/03/11/us_medtech_firm_stryker_cyberattack_iran/)
  - [ ] [Meta, international cops use handcuffs and AI to stop scammers](https://go.theregister.com/feed/www.theregister.com/2026/03/11/meta_international_cops_ai_scammers/)
  - [ ] [ICO fines Police Scotland over data-sharing debacle in gross misconduct case](https://go.theregister.com/feed/www.theregister.com/2026/03/11/ico_fines_police_scotland_over/)
  - [ ] [Swiss e-voting pilot can't count 2,048 ballots after USB keys fail to decrypt them](https://go.theregister.com/feed/www.theregister.com/2026/03/11/swiss_evote_usb_snafu/)
  - [ ] [Dutch cops bust teen suspected of posing as bank staff to steal cards](https://go.theregister.com/feed/www.theregister.com/2026/03/11/dutch_teenager_fraud_arrest/)
  - [ ] [EU legal eagle says banks should refund cybercrime victims first, argue
    later](https://go.theregister.com/feed/www.theregister.com/2026/03/11/eu_psd2_compensation/)
  - [ ] [Building the UK’s next generation of cyber talent](https://go.theregister.com/feed/www.theregister.com/2026/03/11/building_uks_next_generation/)
- 白帽子章华鹏
  - [ ] [New urgent openings in security management and compliance | Direct referrals to security leads at Lenovo, Ping An, DJI and others](https://mp.weixin.qq.com/s?__biz=MzIyOTAxOTYwMw==&mid=2650238879&idx=1&sn=723b15373626e6b9bab1b8a667223737)
- Instapaper: Unread
  - [ ] [The case of the five thousand Digos agents who ended up on Chinese hackers' servers](https://formiche.net/2026/02/cinquemila-agenti-digos-finiti-nei-server-degli-hacker-cinesi/)
  - [ ] [Trust Me, I’m a Shortcut](https://www.wietzebeukema.nl/blog/trust-me-im-a-shortcut)
  - [ ] [AI Agents and Deep Research A Friday Primer](https://blog.elcomsoft.com/2026/03/ai-agents-and-deep-research-a-friday-primer/)
  - [ ] [Ext4 Forensics Extents](https://digitalinvestigator.blogspot.com/2026/03/ext4-forensics-extents.html)
- Security Affairs
  - [ ] [Pro-Palestinian hacktivist group Handala targets Stryker in global disruption](https://securityaffairs.com/189304/hacktivism/pro-palestinian-hacktivist-group-handala-targets-stryker-in-global-disruption.html)
  - [ ] [BeatBanker malware targets Android users with banking Trojan and crypto miner](https://securityaffairs.com/189288/malware/beatbanker-malware-targets-android-users-with-banking-trojan-and-crypto-miner.html)
  - [ ] [Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX](https://securityaffairs.com/189278/security/hewlett-packard-enterprise-fixes-critical-authentication-bypass-in-aruba-aos-cx.html)
  - [ ] [KadNap bot compromises 14,000+ devices to route malicious traffic](https://securityaffairs.com/189251/malware/kadnap-bot-compromises-14000-devices-to-route-malicious-traffic.html)
- Security Weekly Podcast Network (Audio)
  - [ ] [Being Exploitable While Your Risk Tolerance Changes and You Unblock Innovation - Myke Lyons - BSW
    #438](http://sites.libsyn.com/18678/being-exploitable-while-your-risk-tolerance-changes-and-you-unblock-innovation-myke-lyons-bsw-438)
- Krebs on Security
  - [ ] [Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker](https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/)
  - [ ] [Microsoft Patch Tuesday, March 2026 Edition](https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/)
- D3Lab
  - [ ] [Phishing EasyPark: il brand sfruttato per sottrarre dati di pagamento e documenti di identità](https://www.d3lab.net/phishing-easypark-il-brand-sfruttato-per-sottrarre-dati-di-pagamento-e-documenti-di-identita/)
- Deeplinks
  - [ ] [Certbot and Let's Encrypt Now Support IP Address Certificates](https://www.eff.org/deeplinks/2026/03/certbot-and-lets-encrypt-now-support-ip-address-certificates)
  - [ ] [Government Spying 🤝 Targeted Advertising | EFFector 38.5](https://www.eff.org/deeplinks/2026/03/government-spying-targeted-advertising-effector-385)
- The Hacker News
  - [ ] [Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes](https://thehackernews.com/2026/03/researchers-trick-perplexitys-comet-ai.html)
  - [ ] [Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials](https://thehackernews.com/2026/03/critical-n8n-flaws-allow-remote-code.html)
  - [ ] [Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown](https://thehackernews.com/2026/03/meta-disables-150k-accounts-linked-to.html)
  - [ ] [Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices](https://thehackernews.com/2026/03/dozens-of-vendors-patch-security-flaws.html)
  - [ ] [What Boards Must Demand in the Age of AI-Automated Exploitation](https://thehackernews.com/2026/03/what-boards-must-demand-in-age-of-ai.html)
  - [ ] [Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public
Zero-Days](https://thehackernews.com/2026/03/microsoft-patches-84-flaws-in-march.html) - [ ] [UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours](https://thehackernews.com/2026/03/unc6426-exploits-nx-npm-supply-chain.html) - [ ] [Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets](https://thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html) - DEFION Research Labs - [ ] [Ruckus Unleashed: Multiple vulnerabilities exploited](/en/research-labs/ruckus-unleashed-multiple-vulnerabilities-exploited) - [ ] [Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger](/en/research-labs/pwn2own-automotive-2024-hacking-the-autel-maxicharger) - [ ] [Pwn2Own Automotive 2024: Hacking the JuiceBox 40](/en/research-labs/pwn2own-automotive-2024-hacking-the-juicebox-40) - [ ] [Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)](/en/research-labs/pwn2own-automotive-2024-hacking-the-chargepoint-home-flex-and-their-cloud) - [ ] [DoNex/DarkRace Ransomware Decryptor](/en/research-labs/donex-darkrace-ransomware-decryptor) - [ ] [CVE-2024-20693: Windows cached code signature manipulation](/en/research-labs/cve-2024-20693-windows-cached-code-signature-manipulation) - [ ] [Bringing process injection into view(s): exploiting all macOS apps using nib files](/en/research-labs/bringing-process-injection-into-view-s-exploiting-all-macos-apps-using-nib-files) - [ ] [Don’t Talk All at Once! 
Elevating Privileges on macOS by Audit Token Spoofing](/en/research-labs/don-t-talk-all-at-once-elevating-privileges-on-macos-by-audit-token-spoofing) - [ ] [Getting SYSTEM on Windows in style](/en/research-labs/getting-system-on-windows-in-style) - [ ] [Technical analysis of the Genesis Market](/en/research-labs/technical-analysis-of-the-genesis-market) - [ ] [Bad things come in large packages: .pkg signature verification bypass on macOS](/en/research-labs/bad-things-come-in-large-packages-pkg-signature-verification-bypass-on-macos) - [ ] [Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution](/en/research-labs/pwn2own-miami-2022-iconics-genesis64-arbitrary-code-execution) - [ ] [Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS](/en/research-labs/pwn2own-miami-2022-unified-automation-c-demo-server-dos) - [ ] [Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution](/en/research-labs/pwn2own-miami-2022-aveva-edge-arbitrary-code-execution) - [ ] [Process injection: breaking all macOS security layers with a single vulnerability](/en/research-labs/process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability) - [ ] [Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution](/en/research-labs/pwn2own-miami-2022-inductive-automation-ignition-remote-code-execution) - [ ] [Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass](/en/research-labs/pwn2own-miami-2022-opc-ua-net-standard-trusted-application-check-bypass) - [ ] [CoronaCheck App TLS certificate vulnerabilities](/en/research-labs/coronacheck-app-tls-certificate-vulnerabilities) - [ ] [Sandbox escape + privilege escalation in StorePrivilegedTaskService](/en/research-labs/sandbox-escape-privilege-escalation-in-storeprivilegedtaskservice) - [ ] [Proctorio Chrome extension Universal Cross-Site Scripting](/en/research-labs/proctorio-chrome-extension-universal-cross-site-scripting) - [ ] [Zoom RCE from Pwn2Own 
2021](/en/research-labs/zoom-rce-from-pwn2own-2021) - [ ] [Adobe Acrobat privilege escalation](/en/research-labs/adobe-acrobat-privilege-escalation) - [ ] [iOS VPN support: 3 different bugs](/en/research-labs/ios-vpn-support-3-different-bugs) - [ ] [Sign in with Apple - authentication bypass](/en/research-labs/sign-in-with-apple-authentication-bypass) - [ ] [Jenkins - authentication bypass](/en/research-labs/jenkins-authentication-bypass) - [ ] [DNS rebinding for HTTPS](/en/research-labs/dns-rebinding-for-https) - [ ] [Spring Security - insufficient cryptographic randomness](/en/research-labs/spring-security-insufficient-cryptographic-randomness) - [ ] [XenServer - path traversal leading to authentication bypass](/en/research-labs/xenserver-path-traversal-leading-to-authentication-bypass) - [ ] [Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root](/en/research-labs/volkswagen-auto-group-mib-infotainment-system-unauthenticated-remote-code-execution-as-root) - [ ] [NAPALM - command execution on NAPLM controller from host](/en/research-labs/napalm-command-execution-on-naplm-controller-from-host) - [ ] [MySQL Connector/J - Unexpected deserialisation of Java objects](/en/research-labs/mysql-connector-j-unexpected-deserialisation-of-java-objects) - [ ] [Ansible - command execution on Ansible controller from host](/en/research-labs/ansible-command-execution-on-ansible-controller-from-host) - [ ] [Observium - unauthenticated remote code execution](/en/research-labs/observium-unauthenticated-remote-code-execution) - [ ] [cSRP/srpforjava - obtaining of hashed passwords](/en/research-labs/csrp-srpforjava-obtaining-of-hashed-passwords) - [ ] [StartEncrypt - obtaining valid SSL certificates for unauthorized domains](/en/research-labs/startencrypt-obtaining-valid-ssl-certificates-for-unauthorized-domains) - 安全419 - [ ] 
[2026年第一季度网安重大事件及趋势解读](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247552501&idx=1&sn=71c4b7c056ffff7cb63e7e64ce8cd132) - [ ] [问境AIST首发|以AI治理AI,悬镜原创多模态AIST新品发布](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247552501&idx=2&sn=ed2c43def2bd411453a4fb4ab91cf302) - [ ] [创新安全能力,赢战AI变局:SKD AWARDS 2025获奖榜单隆重揭晓](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247552501&idx=3&sn=1135f1507ea74dfa0fe9623710e9f572)