# 每日安全资讯(2026-03-20) - SecWiki News - [ ] [SecWiki News 2026-03-19 Review](http://www.sec-wiki.com/?2026-03-19) - Private Feed for M09Ic - [ ] [zeroclaw-labs released v0.5.1-beta.414 at zeroclaw-labs/zeroclaw](https://github.com/zeroclaw-labs/zeroclaw/releases/tag/v0.5.1-beta.414) - [ ] [anthropics released v2.1.80 at anthropics/claude-code](https://github.com/anthropics/claude-code/releases/tag/v2.1.80) - [ ] [zeroclaw-labs released v0.5.1-beta.403 at zeroclaw-labs/zeroclaw](https://github.com/zeroclaw-labs/zeroclaw/releases/tag/v0.5.1-beta.403) - [ ] [PrefectHQ released 3.6.23 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.6.23) - [ ] [bolucat released 202603192007 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202603192007) - [ ] [zeroclaw-labs released v0.5.1-beta.390 at zeroclaw-labs/zeroclaw](https://github.com/zeroclaw-labs/zeroclaw/releases/tag/v0.5.1-beta.390) - [ ] [OpenAEV-Platform released 2.3.1 at OpenAEV-Platform/openaev](https://github.com/OpenAEV-Platform/openaev/releases/tag/2.3.1) - [ ] [4ra1n starred jar-analyzer/jar-analyzer-engine](https://github.com/jar-analyzer/jar-analyzer-engine) - [ ] [4ra1n made this repository public](https://github.com/jar-analyzer/jar-analyzer-engine) - [ ] [zeroclaw-labs released v0.5.1 at zeroclaw-labs/zeroclaw](https://github.com/zeroclaw-labs/zeroclaw/releases/tag/v0.5.1) - [ ] [strands-agents released v1.31.0 at strands-agents/sdk-python](https://github.com/strands-agents/sdk-python/releases/tag/v1.31.0) - [ ] [github released v0.3.2 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.3.2) - [ ] [mgeeky starred Nova-Hunting/nova-rules](https://github.com/Nova-Hunting/nova-rules) - [ ] [Ridter starred mattpocock/skills](https://github.com/mattpocock/skills) - [ ] [ZeddYu starred rubickCenter/rubick](https://github.com/rubickCenter/rubick) - [ ] [gh0stkey starred justlovemaki/AIClient-2-API](https://github.com/justlovemaki/AIClient-2-API) - [ ] [4ra1n starred H4cking2theGate/AuditSkills](https://github.com/H4cking2theGate/AuditSkills) - [ ] [4ra1n forked 4ra1n/AuditSkills from H4cking2theGate/AuditSkills](https://github.com/4ra1n/AuditSkills) - [ ] [mgeeky starred galoryber/CodeSnag](https://github.com/galoryber/CodeSnag) - Verne in GitHub - [ ] [我 Vibe Coding 了一个日本看房神器:BukkenAI](https://blog.einverne.info/post/2026/03/bukkenai-ai-powered-japan-real-estate-neighborhood-analysis.html) - Tenable Blog - [ ] [Bolster your defenses and close the code-to-cloud gap with Tenable and OX](https://www.tenable.com/blog/tenable-ox-cnapp-appsec-integration) - 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com - [ ] [2026首届汽车安全白帽黑客大会圆满收官,共筑车联网安全新生态](https://www.4hou.com/posts/VW8o) - [ ] [2026职场AI观察:禁而不止的影子代理,正在埋下企业数据安全隐患](https://www.4hou.com/posts/PG26) - [ ] [嘶吼安全动态|官方辟谣“七部门AI安全治理三年行动计划” 新型iPhone攻击工具“DarkSword”曝光](https://www.4hou.com/posts/RX4w) - [ ] [假招聘真投毒! Next.js 面试题暗藏后门实施入侵](https://www.4hou.com/posts/rpJW) - [ ] [警惕!“养虾”邮件攻击|一封邮件就让AI沦为黑客](https://www.4hou.com/posts/QX35) - Recent Commits to cve:main - [ ] [Update Thu Mar 19 11:10:26 UTC 2026](https://github.com/trickest/cve/commit/914d1ac1fc9bad5883226b80f128773bb1b1837a) - Microsoft Security Blog - [ ] [New tools and guidance: Announcing Zero Trust for AI](https://www.microsoft.com/en-us/security/blog/2026/03/19/new-tools-and-guidance-announcing-zero-trust-for-ai/) - [ ] [When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures](https://www.microsoft.com/en-us/security/blog/2026/03/19/when-tax-season-becomes-cyberattack-season-phishing-and-malware-campaigns-using-tax-related-lures/) - obaby 𝐢𝐧⃝ void - [ ] [🦞龙虾初体验](https://zhongxiaojie.cn/2026/03/610/) - 安全客-有思想的安全新媒体 - [ ] [科技云报到:“龙虾”OpenClaw狂欢之下,需要一针清醒剂](https://www.anquanke.com/post/id/315195) - [ ] [瑞数信息入选IDC两大AI安全报告,防御OpenClaw小龙虾裸奔危机](https://www.anquanke.com/post/id/315209) - [ ] [2026首届汽车安全白帽黑客大会圆满收官,共筑车联网安全新生态](https://www.anquanke.com/post/id/315197) - Insinuator.net - [ ] [Assessing Endpoint Protection: Our Approach to EDR/XDR and Supplements Evaluation](https://insinuator.net/2026/03/assessing-endpoint-protection-our-approach-to-edr-xdr-and-supplements-evaluation/) - Bug Bounty in InfoSec Write-ups on Medium - [ ] [Escaping the Sandbox: How a Simple Python Path Flaw Led to Host RCE](https://infosecwriteups.com/escaping-the-sandbox-how-a-simple-python-path-flaw-led-to-host-rce-817d39c95f86?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [My Complete Bug Bounty Hunting Workflow Every Command I Use, Step by Step](https://infosecwriteups.com/my-complete-bug-bounty-hunting-workflow-every-command-i-use-step-by-step-68484276471f?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [When Old Breaches Meet New Code: Why Historical Leaks Still Matter](https://infosecwriteups.com/when-old-breaches-meet-new-code-why-historical-leaks-still-matter-b4e6eb8ac607?source=rss----7b722bfd1b8d--bug_bounty) - [ ] [I Found a Critical SSRF Vulnerability That Could Have Exposed an Entire Server Here’s How](https://infosecwriteups.com/i-found-a-critical-ssrf-vulnerability-that-could-have-exposed-an-entire-server-heres-how-0a69c2ba2dee?source=rss----7b722bfd1b8d--bug_bounty) - Horizon3.ai - [ ] [Horizon3.ai’s NodeZero®, the World’s Most Experienced AI Hacker, Drives 102% ARR Growth](https://horizon3.ai/news/press-release/horizon3-arr-growth-nodezero/) - Inside Stormshield - [ ] [Rencontre avec des professionnels de l’éducation](https://stories.stormshield.com/rencontre-avec-des-professionnels-de-leducation/) - Malware-Traffic-Analysis.net - Blog Entries - [ ] [2026-03-17: Seven days of scans and probes and web traffic hitting my web server](https://www.malware-traffic-analysis.net/2026/03/17/index.html) - Malwarebytes - [ ] [A DarkSword hangs over unpatched iPhones](https://www.malwarebytes.com/blog/mobile/2026/03/a-darksword-hangs-over-unpatched-iphones) - [ ] [Your tax forms sell for $20 on the dark web](https://www.malwarebytes.com/blog/privacy/2026/03/your-tax-forms-sell-for-20-on-the-dark-web) - 奇客Solidot–传递最新科技情报 - [ ] [新能源危机迫使政府重新考虑对化石燃料的依赖](https://www.solidot.org/story?sid=83813) - [ ] [内存条和传统 DIMM 插槽可能将消失](https://www.solidot.org/story?sid=83812) - [ ] [社媒使用降低个人幸福感](https://www.solidot.org/story?sid=83811) - [ ] [居家办公有助于提高生育率](https://www.solidot.org/story?sid=83810) - [ ] [Firefox v149 将内置 VPN](https://www.solidot.org/story?sid=83809) - [ ] [美国私人太空公司计划捕捉小行星](https://www.solidot.org/story?sid=83808) - [ ] [GNOME 50 释出](https://www.solidot.org/story?sid=83807) - [ ] [2026 年图灵奖授予了两位量子信息理论的奠基人](https://www.solidot.org/story?sid=83806) - [ ] [Meta 将于 6 月 15 日关闭 VR 社交网络 Horizon Worlds](https://www.solidot.org/story?sid=83805) - 绿盟科技技术博客 - [ ] [对《互联网应用程序个人信息收集使用规定(征求意见稿)》的学习浅析](https://blog.nsfocus.net/%e5%af%b9%e3%80%8a%e4%ba%92%e8%81%94%e7%bd%91%e5%ba%94%e7%94%a8%e7%a8%8b%e5%ba%8f%e4%b8%aa%e4%ba%ba%e4%bf%a1%e6%81%af%e6%94%b6%e9%9b%86%e4%bd%bf%e7%94%a8%e8%a7%84%e5%ae%9a%ef%bc%88%e5%be%81%e6%b1%82/) - [ ] [RSAC 2026创新沙盒 | Humanix:面向人的社会工程攻击检测与响应](https://blog.nsfocus.net/rsac-2026%e5%88%9b%e6%96%b0%e6%b2%99%e7%9b%92-humanix%ef%bc%9a%e9%9d%a2%e5%90%91%e4%ba%ba%e7%9a%84%e7%a4%be%e4%bc%9a%e5%b7%a5%e7%a8%8b%e6%94%bb%e5%87%bb%e6%a3%80%e6%b5%8b%e4%b8%8e%e5%93%8d%e5%ba%94/) - [ ] [RSAC 2026创新沙盒 | Clearly AI:打造AI赋能的自动化软件安全平台](https://blog.nsfocus.net/rsac-2026%e5%88%9b%e6%96%b0%e6%b2%99%e7%9b%92-clearly-ai%ef%bc%9a%e6%89%93%e9%80%a0ai%e8%b5%8b%e8%83%bd%e7%9a%84%e8%87%aa%e5%8a%a8%e5%8c%96%e8%bd%af%e4%bb%b6%e5%ae%89%e5%85%a8%e5%b9%b3%e5%8f%b0/) - Offensive Security Blog: Latest Trends in Hacking | Praetorian - [ ] [CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution](https://www.praetorian.com/blog/cve-2026-3630/) - 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台 - [ ] [TP-Link的中国创始人寻求获得特朗普金卡](https://blog.upx8.com/TP-Link%E7%9A%84%E4%B8%AD%E5%9B%BD%E5%88%9B%E5%A7%8B%E4%BA%BA%E5%AF%BB%E6%B1%82%E8%8E%B7%E5%BE%97%E7%89%B9%E6%9C%97%E6%99%AE%E9%87%91%E5%8D%A1) - 安全分析与研究 - [ ] [Windows Defender对抗——攻破Windows内置防线](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247496571&idx=1&sn=9bfa9b2a75c95d41896dfeaf3eb04421) - 腾讯玄武实验室 - [ ] [每日安全动态推送(26/3/19)](https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651960404&idx=1&sn=74f50c909929cc66f80760454e887963) - Huli's blog - [ ] [從 Coupang 的個資外洩談內部威脅、金鑰管理與 JWT](https://blog.huli.tw/2026/03/19/coupang-insider-kms-and-jwt/) - 黑鸟 - [ ] [通过攻陷合法网站传播的新型iOS漏洞利用工具包DarkSword](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451185849&idx=1&sn=90f390064e47068e7f7b5a5c0eef796c) - 虎符智库 - [ ] [特朗普政府2026网络安全战略与影响解析](https://mp.weixin.qq.com/s?__biz=MzIwNjYwMTMyNQ==&mid=2247493739&idx=1&sn=e8e67c9be6e5f5dc6f004c3016fb045e) - 威努特安全网络 - [ ] [古巴遭遇全国大停电!如何筑牢电力安全防线?](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651141036&idx=1&sn=f24d7875348303b12dbf24396e9d2692) - 代码卫士 - [ ] [Ubunntu 高危漏洞可导致攻击者获得根权限](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525508&idx=1&sn=2833d5727c1faf94104890b325bb6d75) - [ ] [IP KVM 中存在9个严重漏洞,可用于获得未认证root访问权限](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525508&idx=2&sn=64b8a410384155e1fa92afa41950ba05) - 看雪学苑 - [ ] [AI静态分析,内核模块隐藏 Frida 特征,绕过linker私有结构遍历崩溃链](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458612335&idx=1&sn=ca23336eef45a4993cc6e5b191e62a61) - [ ] [直播预约 | 顺丰SRC第四届白帽技术沙龙,干货抽奖全都有!](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458612335&idx=2&sn=e2a25d958fadaad92956a11de1977d7c) - [ ] [Mac用户注意:新攻击借ChatGPT之名,诱你亲手“安装”恶意软件](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458612335&idx=3&sn=25c139304f7633801d34a58d3f3b6b37) - CT Stack 安全社区 - [ ] [MiniMax-M2.7 震撼发布:Monkey Code 首发免费提供,编程能力大幅提升!](https://mp.weixin.qq.com/s?__biz=MzIzOTE1ODczMg==&mid=2247500231&idx=1&sn=a6cf09424a6db6d970bf0b2c188139dc) - 吾爱破解论坛 - [ ] [2026解题领红包基本完成(少MCP和Win高级, 但很有梗)](https://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&mid=2651143773&idx=1&sn=0dd95b85bffd6c929bb32e28fd8ee121) - 奇安信威胁情报中心 - [ ] [OpenClaw热潮之下,Lua窃密软件精心伪装乘虚而入](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247518045&idx=1&sn=d4755b4c8717a7be0e9f295adc8aabe3) - 安全研究GoSSIP - [ ] [G.O.S.S.I.P 阅读推荐 2026-03-19 蓝牙重配对攻击](https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247501518&idx=1&sn=f7ad7cb7ff6af741f33035bf24832a16) - 信息安全国家工程研究中心 - [ ] [今年政府工作报告中出现的“网络安全”元素](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247503212&idx=1&sn=83f75fbf6f65aa5bcff173cfd21b105a) - 信安之路 - [ ] [挖洞前一定要看这个!](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247500452&idx=1&sn=e1e5407fc1d3199252887e55cc7d0168) - 安全学术圈 - [ ] [中国科学院信息工程研究所 | 基于大语言模型的API参数安全规则生成与API误用检测](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247495163&idx=1&sn=4cfc8079192ebcc8de2fd692a0d2c5b8) - 奇安信 CERT - [ ] [今日(2026年3月19日)OpenClaw 最新安全动态总结](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247504795&idx=1&sn=7a7b7010d2726c150fb8023cee90c11e) - 天黑说嘿话 - [ ] [春节加餐:Anthropic首个公开的Skills构建指南来了!](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247486030&idx=1&sn=222011b50677ccfbcd4efb6f52fa1e72) - 青藤云安全 - [ ] [AI教科书级防御,化解一场真实攻击](https://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650851038&idx=1&sn=7b3e63664b310a65957347373d521fe2) - 中国信息安全 - [ ] [专题·原创 | 以法治引领网络强国建设与产业高质量发展](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260437&idx=1&sn=eafd4bfb5d47574d99ba225eaec6e6b5) - [ ] [国家安全部:揭秘“暗网”真面目!](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260437&idx=2&sn=feab299538e9213541a526f5d098ebf6) - [ ] [专家解读 | 建立数据产权制度的经济逻辑](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260437&idx=3&sn=4a6ad59a593fcae947343787a270159a) - [ ] [行业 | 蚂蚁数科发布“龙虾卫士”,护航OpenClaw智能体安全落地](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260437&idx=4&sn=fc4c409a96a22ea81f6b11bfa5ab6cbe) - [ ] [观点 | 进一步加强网络生态治理](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664260437&idx=5&sn=9512370b83d5990af96d9db4657e6de1) - 补天平台 - [ ] [上线通知 | 大家一直在等的京东卡来啦!](https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247510427&idx=1&sn=cc73b66d8ef4294e639cc66b9c3bd5cb) - 安全圈 - [ ] [【安全圈】iOS18 爆高危漏洞!不升危险,升级变卡](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074879&idx=1&sn=a99f5ab259944d0f68ee8f470256a869) - [ ] [【安全圈】Aura 公司证实数据泄露,90 万营销联系人信息遭曝光](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074879&idx=2&sn=143311d48cdc9eb9cf658d5d5a45979d) - [ ] [【安全圈】CVE-2026-3888:Ubuntu 桌面版 24.04+ 易受提权漏洞攻击](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652074879&idx=3&sn=f2683ea27641f32a563e177c417115b9) - 安全牛 - [ ] [安全边界已消亡?AI+SaaS 时代下,数据安全规则迎来根本性重塑](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140772&idx=1&sn=2082eb176695ab8998f6977d2b1cbc8e) - [ ] [北京启动“清朗京华·AI向善”专项行动 重点整治五类涉AI领域网络乱象;OpenAI 发布 GPT-5.4 mini/nano 小模型| 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140772&idx=2&sn=4249ac229892c810d55428810678f3dc) - 中通安全应急响应中心 - [ ] [Q1收官战!2倍积分+累挖奖励,师傅冲就完了!](https://mp.weixin.qq.com/s?__biz=MzUyMTcwNTY3Mg==&mid=2247486640&idx=1&sn=41693eb7337b7aa9513c666a181c81cf) - 字节跳动安全中心 - [ ] [春日焕新|全线业务加倍奖励、伯乐&新人礼&团队礼安排!](https://mp.weixin.qq.com/s?__biz=MzUzMzcyMDYzMw==&mid=2247496099&idx=1&sn=b67fd2d5fbfc7f617a1ccf55d1ac3c3c) - 极客公园 - [ ] [改造 100 多年的影视行业,需要的不止是好模型](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653101660&idx=1&sn=ac6d90d1d3295083ec925e8a597dab75) - [ ] [858 亿砸 AI,腾讯杀入「AI 战争」](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653101647&idx=1&sn=fd7c9fe43b79686afae8db6e0276b6f7) - [ ] [黄仁勋:OpenClaw 是人类史上最成功开源项目;苹果智能家居硬件负责人离职加入 Oura;日本 AI 模型被指套壳 Deepseek | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653101603&idx=1&sn=9fdc7fab4836f7346cefc5d4f83a58e9) - 阿里安全响应中心 - [ ] [直击阿里CTF2026:当AI成为“攻防新变量”,安全竞赛的底层逻辑正在重构](https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652998728&idx=1&sn=b83e26c74940e3bb39c2c4a68f3e1654) - 嘶吼专业版 - [ ] [2026职场AI观察:禁而不止的影子代理,正在埋下企业数据安全隐患](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247587241&idx=1&sn=4f0fc6896ac8f25ecb52e8921498111c) - [ ] [假招聘真投毒!Next.js面试题暗藏后门实施入侵](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247587241&idx=2&sn=e5713c13b81cc2f21c338918846af0c3) - [ ] [倒计时2天!《2026网络安全产业图谱》调研进入收尾阶段](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247587241&idx=3&sn=d510ff76aba1e9fa210cf3668e0218b7) - [ ] [嘶吼安全动态|官方辟谣“七部门AI安全治理三年行动计划” 新型iPhone攻击工具“DarkSword”曝光](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247587241&idx=4&sn=159b54c49a86908259b52b606aa887b5) - 火绒安全 - [ ] [抽奖啦 | 叮~你的放松福利已送达,速来参与!](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531500&idx=1&sn=7a95b94f30ff51e3f3103d194e512127) - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531500&idx=2&sn=fa8e8075113a7acb8c01755ec1d5aae9) - 斗象智能安全 - [ ] [企业级Vibe Coding安全中枢,斗象AISCC「安全中转网关」已就位!](https://mp.weixin.qq.com/s?__biz=MzIwMjcyNzA5Mw==&mid=2247495312&idx=1&sn=82e44694fb57705e374bda5a4648bcd4) - 数世咨询 - [ ] [运营定义价值:安全行业的范式变换](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542164&idx=1&sn=79e8a0f549299e26e8df81a24cf7a8fc) - [ ] [RSAC 2026创新沙盒 | Clearly AI:打造AI赋能的自动化软件安全平台](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542164&idx=2&sn=8a038364563ffe361c2ca13cf4e65198) - 复旦白泽战队 - [ ] [你的手机AI助手越“聪明”,隐私风险越大?主流厂商智能体测评(1)](https://mp.weixin.qq.com/s?__biz=MzU4NzUxOTI0OQ==&mid=2247498103&idx=1&sn=8e7a31d7ebd9b78822682b3a3615dbc5) - 软件安全与逆向分析 - [ ] [拆解iOS应用逆向实战中的反调试与反篡改](https://mp.weixin.qq.com/s?__biz=MzU3MTY5MzQxMA==&mid=2247485071&idx=1&sn=ed0907e603198e77e3eca08dfce80a9a) - 墨菲安全 - [ ] [墨菲安全正式发布AI原生企业安全治理平台SGP](https://mp.weixin.qq.com/s?__biz=MzkwOTM0MjI5NQ==&mid=2247488335&idx=1&sn=3d29e55c5d25193a1f15e9f895cbfd00) - ChaMd5安全团队 - [ ] [直播预约 | 顺丰SRC第四届白帽技术沙龙,干货抽奖全都有!](https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247514226&idx=1&sn=f5622bcec7e137580b4b1f63c6187dc3) - 情报分析师 - [ ] [当摩萨德的特工坐在你对面时,他问的第一句话是什么?从美伊冲突看人力情报的科学与艺术](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567093&idx=1&sn=e2dd252c856a45802572f0ae27d1fdb0) - 美团技术团队 - [ ] [美团 BI 在指标平台和分析引擎上的探索和实践](https://mp.weixin.qq.com/s?__biz=MjM5NjQ5MTI5OA==&mid=2651782375&idx=1&sn=9fa8942b14abb27fb85b9fe2ca0ae957) - TrustedSec - [ ] [Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found](https://trustedsec.com/blog/full-disclosure-a-third-and-fourth-azure-sign-in-log-bypass-found) - 360数字安全 - [ ] [独家!OpenClaw之父确认漏洞,360为所有“养虾人”筑牢安全防线](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585474&idx=1&sn=53b14b545cacdccc7581fa98e01cf5e1) - [ ] [360预警:Sorry勒索病毒集中开火,专挑中小型企业“偷家”](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585474&idx=2&sn=a20aa84529cb5bc8ec7c5ff305641d5f) - 安全行者老霍 - [ ] [近期AI 安全相关公司介绍](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486153&idx=1&sn=8e7fd850b79a1bf87655da0f1cef9674) - 迪哥讲事 - [ ] [xss绕过思路](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499190&idx=1&sn=e989bea221288b094d4e45e4df1205fd) - 纽创信安 - [ ] [纽创信安与SGS启动网络安全ISO 21434认证项目](https://mp.weixin.qq.com/s?__biz=MzAwNTczMjAzMg==&mid=2650240987&idx=1&sn=6224fb675bb9400b5f946e179257ebbe) - IT Service Management News - [ ] [Bozza di linee guida per il CRA](http://blog.cesaregallotti.it/2026/03/bozza-di-linee-guida-per-il-cra.html) - [ ] [Wiki AI Security del Clusit](http://blog.cesaregallotti.it/2026/03/wiki-ai-security-del-clusit.html) - 安全419 - [ ] [运行时安全:AI Agent时代的安全新战线](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247552630&idx=1&sn=e9eeb2045a777d49c8adc10ac22b7fa6) - [ ] [2026首届汽车安全白帽黑客大会圆满收官,共筑车联网安全新生态](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247552630&idx=2&sn=fa496ad6eb372381d6b6ff43b28d1163) - bellingcat - [ ] [How Wildlife Traffickers Are Using Coded Language to Sell Protected Animals On Facebook](https://www.bellingcat.com/news/2026/03/19/how-wildlife-traffickers-are-using-coded-language-to-sell-protected-animals-on-facebook/) - ICT Security Magazine - [ ] [Peter Thiel, Palantir e l’algoritmo dell’Apocalisse: quando l’Anticristo è nel codice](https://www.ictsecuritymagazine.com/notizie/peter-thiel-palantir-codice/) - [ ] [Perché i jammer nelle carceri sono inefficaci (e pericolosi)](https://www.ictsecuritymagazine.com/articoli/jammer-nelle-carceri/) - Securityinfo.it - [ ] [La cybersecurity OT in Italia tra maturità limitata e pressioni normative](https://www.securityinfo.it/2026/03/19/la-cybersecurity-ot-in-italia-tra-maturita-limitata-e-pressioni-normative/?utm_source=rss&utm_medium=rss&utm_campaign=la-cybersecurity-ot-in-italia-tra-maturita-limitata-e-pressioni-normative) - Over Security - Cybersecurity news aggregator - [ ] [Navia discloses data breach impacting 2.7 million people](https://www.bleepingcomputer.com/news/security/navia-discloses-data-breach-impacting-27-million-people/) - [ ] [New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores](https://www.bleepingcomputer.com/news/security/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores/) - [ ] [You have to invite them in](https://blog.talosintelligence.com/you-have-to-invite-them-in/) - [ ] [Iran-Aligned Militias Signal Expanded Regional Risk Amid US–Israel–Iran Conflict](https://flashpoint.io/blog/iran-aligned-militias-regional-risk-us-israel-iran-conflict/) - [ ] [DarkSword, l’exploit kit che ha violato gli iPhone di mezzo mondo per rubare dati riservati](https://www.cybersecurity360.it/news/darksword-lexploit-kit-che-ha-violato-gli-iphone-di-mezzo-mondo-per-rubare-dati-riservati/) - [ ] [US intel chiefs urge lawmakers to extend Section 702 surveillance power without changes](https://therecord.media/us-intel-chiefs-urge-lawmakers-to-extend-section-702) - [ ] [Bitrefill blames North Korean Lazarus group for cyberattack](https://www.bleepingcomputer.com/news/security/bitrefill-blames-north-korean-lazarus-group-for-cyberattack/) - [ ] [New Android malware hiding in streaming apps to spy on users’ personal notes](https://therecord.media/malware-streaming-apps-android) - [ ] [FBI seizes Handala data leak site after Stryker cyberattack](https://www.bleepingcomputer.com/news/security/fbi-seizes-handala-data-leak-site-after-stryker-cyberattack/) - [ ] [FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack](https://techcrunch.com/2026/03/19/fbi-seizes-pro-iranian-hacking-groups-websites-after-destructive-stryker-hack/) - [ ] [FBI, CISA warn on Microsoft Intune risks after Iran-linked cyberattack on Stryker](https://therecord.media/fbi-cisa-warn-of-microsoft-intune-risks-stryker) - [ ] [La cybersecurity OT in Italia tra maturità limitata e pressioni normative](https://www.securityinfo.it/2026/03/19/la-cybersecurity-ot-in-italia-tra-maturita-limitata-e-pressioni-normative/) - [ ] [White House pours cold water on cyber ‘letters of marque’ speculation](https://therecord.media/offensive-cyber-white-house-hacking) - [ ] [Russian hackers exploit Zimbra flaw in Ukrainian govt attacks](https://www.bleepingcomputer.com/news/security/russian-apt28-military-hackers-exploit-zimbra-flaw-in-ukrainian-govt-attacks/) - [ ] [Risolto bug Bluetooth di Windows 11: cosa insegna sulla sicurezza del wireless aziendale](https://www.cybersecurity360.it/news/risolto-bug-bluetooth-di-windows-11-cosa-insegna-sulla-sicurezza-del-wireless-aziendale/) - [ ] [Ransomware attack on UMMC: Medusa claims 1 TB of exfiltrated data as new details emerge](https://www.suspectfile.com/ransomware-attack-on-ummc-medusa-claims-1-tb-of-exfiltrated-data-as-new-details-emerge/) - [ ] [7 Ways to Prevent Privilege Escalation via Password Resets](https://www.bleepingcomputer.com/news/security/7-ways-to-prevent-privilege-escalation-via-password-resets/) - [ ] [Interlock ransomware gang exploited Cisco firewall zero-day weeks before disclosure: Amazon](https://therecord.media/cisco-ransomware-interlock-firewalls) - [ ] [Faraday bag, a cosa servono per la privacy e la sicurezza su smartphone (e a cosa no)](https://www.cybersecurity360.it/cultura-cyber/faraday-bag-a-cosa-servono-per-la-privacy-su-smartphone-e-a-cosa-no/) - [ ] [Ready for macOS Threats: Expanding Your SOC’s Cross-Platform Analysis with ANY.RUN](https://any.run/cybersecurity-blog/anyrun-macos-sandbox/) - [ ] [Max severity Ubiquiti UniFi flaw may allow account takeover](https://www.bleepingcomputer.com/news/security/ubiquiti-warns-of-unifi-flaw-that-may-enable-account-takeover/) - [ ] [Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency](https://therecord.media/russia-hackers-ukraine-zimbra-breach) - [ ] [Exploiting a PHP Object Injection in Profile Builder Pro in the era of AI](https://blog.sicuranext.com/exploiting-a-php-object-injection-in-profile-builder-pro-in-the-era-of-ai/) - [ ] [Apple Patches WebKit Vulnerability CVE-2026-20643 Across iOS, macOS](https://thecyberexpress.com/webkit-vulnerability-fixed-in-apple-update/) - [ ] [Interlock Ransomware Leveraged Cisco FMC Zero-Day 36 Days Before Patch, Amazon Reveals](https://thecyberexpress.com/interlock-fmc-cve-2026-20131/) - [ ] [CISA urges US orgs to secure Microsoft Intune systems after Stryker breach](https://www.bleepingcomputer.com/news/security/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach/) - [ ] [Oltre la trasmissione sicura: acceleratori crittografici per proteggere i dati in uso](https://www.cybersecurity360.it/soluzioni-aziendali/oltre-la-trasmissione-sicura-acceleratori-crittografici-per-proteggere-i-dati-in-uso/) - [ ] [Inside Russia’s Shift to Credential-Based Intrusions: What CISOs Need to Know in 2026](https://cyble.com/blog/russia-credential-based-intrusions-cisos/) - [ ] [Critical Microsoft SharePoint flaw now exploited in attacks](https://www.bleepingcomputer.com/news/microsoft/critical-microsoft-sharepoint-flaw-now-exploited-in-attacks/) - [ ] [New ‘Perseus’ Android malware checks user notes for secrets](https://www.bleepingcomputer.com/news/security/new-perseus-android-malware-checks-user-notes-for-secrets/) - [ ] [China Sits at the Top of America’s Cyber Threat List](https://thecyberexpress.com/china-top-cyber-threat-for-us/) - [ ] [Everyday tools, extraordinary crimes: the ransomware exfiltration playbook](https://blog.talosintelligence.com/everyday-tools-extraordinary-crimes-the-ransomware-exfiltration-playbook/) - [ ] [Perseus: DTO malware that takes notes](https://www.threatfabric.com/blogs/perseus-dto-malware-that-takes-notes) - [ ] [LLM in guerra: il Pentagono aprirà alle aziende la possibilità di training AI con dati riservati](https://www.cybersecurity360.it/cybersecurity-nazionale/llm-in-guerra-il-pentagono-aprira-alle-aziende-la-possibilita-di-traininig-dellai-con-dati-riservati/) - [ ] [Multiple Threat Actors Exploiting a Six-Vulnerability iOS Exploit Kit Dubbed “DarkSword”](https://thecyberexpress.com/ios-exploit-kit-dubbed-darksword/) - [ ] [Hasta la vista, Hastalamuerte: An Overview of The Gentlemen’s TTPs](https://www.group-ib.com/blog/hastalamuerte-gentlemen-raas-ttps/) - [ ] [CISA Urges Endpoint Management Hardening After Stryker Cyberattack](https://thecyberexpress.com/endpoint-management-systems-cisa/) - [ ] [DarkSword: exploit chain iOS tra zero-day, spyware e cybercrime finanziario](https://www.securityinfo.it/2026/03/18/darksword-exploit-chain-ios-tra-zero-day-spyware-e-cybercrime-finanziario/) - Future of Tech and Security: Strategy & Innovation with Raffy - [ ] [SIEM Is Not Dead. It Just Stopped Moving Fast Enough.](https://raffy.ch/blog/2026/03/19/siem-is-not-dead-it-just-stopped-moving-fast-enough/) - 360威胁情报中心 - [ ] [ComfyUI-Manager RCE(CVE-2026-22777)遭在野利用,数万台设备亟待修复](https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247508019&idx=1&sn=d6d9df690f1943dae9e64a641b1c9a92) - Schneier on Security - [ ] [Hacking a Robot Vacuum](https://www.schneier.com/blog/archives/2026/03/hacking-a-robot-vacuum.html) - The Hacker News - [ ] [Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers](https://thehackernews.com/2026/03/speagle-malware-hijacks-cobra-docguard.html) - [ ] [54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security](https://thehackernews.com/2026/03/54-edr-killers-use-byovd-to-exploit-34.html) - [ ] [ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More](https://thehackernews.com/2026/03/threatsday-bulletin-fortigate-raas.html) - [ ] [New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data](https://thehackernews.com/2026/03/new-perseus-android-banking-malware.html) - [ ] [How Ceros Gives Security Teams Visibility and Control in Claude Code](https://thehackernews.com/2026/03/how-ceros-gives-security-teams.html) - [ ] [DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover](https://thehackernews.com/2026/03/darksword-ios-exploit-kit-uses-6-flaws.html) - [ ] [CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks](https://thehackernews.com/2026/03/cisa-warns-of-zimbra-sharepoint-flaw.html) - SANS Internet Storm Center, InfoCON: green - [ ] [ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)](https://isc.sans.edu/diary/rss/32812) - [ ] [Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)](https://isc.sans.edu/diary/rss/32810) - GRAHAM CLULEY - [ ] [Smashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple ID](https://grahamcluley.com/smashing-security-podcast-459/) - Full Disclosure - [ ] [snap-confine + systemd-tmpfiles = root (CVE-2026-3888)](https://seclists.org/fulldisclosure/2026/Mar/11) - [ ] [APPLE-SA-03-17-2026-1 Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2](https://seclists.org/fulldisclosure/2026/Mar/10) - [ ] [SEC Consult SA-20260318-0 :: Multiple Privilege Escalation Vulnerabilities in Arturia Software Center MacOS](https://seclists.org/fulldisclosure/2026/Mar/9) - [ ] [SEC Consult SA-20260317-0 :: Multiple vulnerabilities in PEGA Infinity platform](https://seclists.org/fulldisclosure/2026/Mar/8) - The Register - Security - [ ] [Unknown attackers exploit yet another critical SharePoint bug](https://go.theregister.com/feed/www.theregister.com/2026/03/19/unknown_attackers_exploit_yet_another/) - [ ] [Google gives Android users a way to install unverified apps if they prove they really, really want to](https://go.theregister.com/feed/www.theregister.com/2026/03/19/google_android_unverified_apps/) - [ ] [Lock down Microsoft Intune, feds warn after Stryker attack](https://go.theregister.com/feed/www.theregister.com/2026/03/19/microsoft_intune_lockdown_stryker/) - Security Affairs - [ ] [Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking](https://securityaffairs.com/189689/security/critical-ubiquiti-unifi-unifi-security-flaw-allows-potential-account-hijacking.html) - [ ] [U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/189682/security/u-s-cisa-adds-a-flaw-in-cisco-fmc-and-cisco-scc-firewall-management-to-its-known-exploited-vulnerabilities-catalog.html) - [ ] [Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376](https://securityaffairs.com/189673/security/russian-apt-targets-ukraine-via-zimbra-xss-flaw-cve-2025-66376.html) - [ ] [DarkSword emerges as powerful iOS exploit tool in global attacks](https://securityaffairs.com/189662/hacking/darksword-emerges-as-powerful-ios-exploit-tool-in-global-attacks.html) - [ ] [Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure](https://securityaffairs.com/189636/malware/interlock-group-exploiting-the-cisco-fmc-flaw-cve-2026-20131-36-days-before-disclosure.html) - [ ] [Russia establishes Vienna as key western spy hub targeting NATO](https://securityaffairs.com/189653/intelligence/russia-establishes-vienna-as-key-western-spy-hub-targeting-nato.html) - DEFION Research Labs - [ ] [Ruckus Unleashed: Multiple vulnerabilities exploited](/en/research-labs/ruckus-unleashed-multiple-vulnerabilities-exploited) - [ ] [Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger](/en/research-labs/pwn2own-automotive-2024-hacking-the-autel-maxicharger) - [ ] [Pwn2Own Automotive 2024: Hacking the JuiceBox 40](/en/research-labs/pwn2own-automotive-2024-hacking-the-juicebox-40) - [ ] [Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)](/en/research-labs/pwn2own-automotive-2024-hacking-the-chargepoint-home-flex-and-their-cloud) - [ ] [DoNex/DarkRace Ransomware Decryptor](/en/research-labs/donex-darkrace-ransomware-decryptor) - [ ] [CVE-2024-20693: Windows cached code signature manipulation](/en/research-labs/cve-2024-20693-windows-cached-code-signature-manipulation) - [ ] [Bringing process injection into view(s): exploiting all macOS apps using nib files](/en/research-labs/bringing-process-injection-into-view-s-exploiting-all-macos-apps-using-nib-files) - [ ] [Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing](/en/research-labs/don-t-talk-all-at-once-elevating-privileges-on-macos-by-audit-token-spoofing) - [ ] [Getting SYSTEM on Windows in style](/en/research-labs/getting-system-on-windows-in-style) - [ ] [Technical analysis of the Genesis Market](/en/research-labs/technical-analysis-of-the-genesis-market) - [ ] [Bad things come in large packages: .pkg signature verification bypass on macOS](/en/research-labs/bad-things-come-in-large-packages-pkg-signature-verification-bypass-on-macos) - [ ] [Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution](/en/research-labs/pwn2own-miami-2022-iconics-genesis64-arbitrary-code-execution) - [ ] [Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS](/en/research-labs/pwn2own-miami-2022-unified-automation-c-demo-server-dos) - [ ] [Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution](/en/research-labs/pwn2own-miami-2022-aveva-edge-arbitrary-code-execution) - [ ] [Process injection: breaking all macOS security layers with a single vulnerability](/en/research-labs/process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability) - [ ] [Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution](/en/research-labs/pwn2own-miami-2022-inductive-automation-ignition-remote-code-execution) - [ ] [Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass](/en/research-labs/pwn2own-miami-2022-opc-ua-net-standard-trusted-application-check-bypass) - [ ] [CoronaCheck App TLS certificate vulnerabilities](/en/research-labs/coronacheck-app-tls-certificate-vulnerabilities) - [ ] [Sandbox escape + privilege escalation in StorePrivilegedTaskService](/en/research-labs/sandbox-escape-privilege-escalation-in-storeprivilegedtaskservice) - [ ] [Proctorio Chrome extension Universal Cross-Site Scripting](/en/research-labs/proctorio-chrome-extension-universal-cross-site-scripting) - [ ] [Zoom RCE from Pwn2Own 2021](/en/research-labs/zoom-rce-from-pwn2own-2021) - [ ] [Adobe Acrobat privilege escalation](/en/research-labs/adobe-acrobat-privilege-escalation) - [ ] [iOS VPN support: 3 different bugs](/en/research-labs/ios-vpn-support-3-different-bugs) - [ ] [Sign in with Apple - authentication bypass](/en/research-labs/sign-in-with-apple-authentication-bypass) - [ ] [Jenkins - authentication bypass](/en/research-labs/jenkins-authentication-bypass) - [ ] [DNS rebinding for HTTPS](/en/research-labs/dns-rebinding-for-https) - [ ] [Spring Security - insufficient cryptographic randomness](/en/research-labs/spring-security-insufficient-cryptographic-randomness) - [ ] [XenServer - path traversal leading to authentication bypass](/en/research-labs/xenserver-path-traversal-leading-to-authentication-bypass) - [ ] [Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root](/en/research-labs/volkswagen-auto-group-mib-infotainment-system-unauthenticated-remote-code-execution-as-root) - [ ] [NAPALM - command execution on NAPLM controller from host](/en/research-labs/napalm-command-execution-on-naplm-controller-from-host) - [ ] [MySQL Connector/J - Unexpected deserialisation of Java objects](/en/research-labs/mysql-connector-j-unexpected-deserialisation-of-java-objects) - [ ] [Ansible - command execution on Ansible controller from host](/en/research-labs/ansible-command-execution-on-ansible-controller-from-host) - [ ] [Observium - unauthenticated remote code execution](/en/research-labs/observium-unauthenticated-remote-code-execution) - [ ] [cSRP/srpforjava - obtaining of hashed passwords](/en/research-labs/csrp-srpforjava-obtaining-of-hashed-passwords) - [ ] [StartEncrypt - obtaining valid SSL certificates for unauthorized domains](/en/research-labs/startencrypt-obtaining-valid-ssl-certificates-for-unauthorized-domains) - Security Weekly Podcast Network (Audio) - [ ] [Hacking IP KVMs & Reversing with Radare2 - Sergi Àlvarez - PSW #918](http://sites.libsyn.com/18678/hacking-ip-kvms-reversing-with-radare2-sergi-lvarez-psw-918)
每日安全资讯(2026-03-20)