[每日信息流] 2026-03-27 #1190
Description
每日安全资讯(2026-03-27)
- Private Feed for M09Ic
- anthropics released v2.1.85 at anthropics/claude-code
- github released v0.4.3 at github/spec-kit
- kpcyrd contributed to Eugeny/russh
- bolucat released 202603262016 at bolucat/Archive
- kpcyrd forked kpcyrd/androidqf from mvt-project/androidqf
- CHYbeta starred wuyoscar/ISC-Bench
- IC3-CR3AM starred nashsu/opencli-rs-skill
- Rvn0xsy starred BloopAI/vibe-kanban
- liamg contributed to infracost/go-proto
- zeroclaw-labs released v0.6.3 at zeroclaw-labs/zeroclaw
- huoji120 starred mem0ai/mem0
- agentscope-ai released v1.0.18 at agentscope-ai/agentscope
- zsxsoft forked zsxsoft/openclaw from openclaw/openclaw
- gh0stkey starred karpathy/autoresearch
- gh0stkey starred idootop/open-xiaoai
- SecWiki News
- CXSECURITY Database RSS Feed - CXSecurity.com
- Doonsec's feed
- 【智能简报】全球安全态势报告3.25-3.26
- 【培训】开源情报分析师实战能力培训班-4月成都开班(有邀请函)
- Coruna框架与三角测量行动的技术同源性报告
- 假如妳在周杰伦的歌里过一生| 从前有个女儿殿下得了公主病,慢慢才懂听妈妈的话,后来她变成了外婆&巫婆
- 赶紧查查,你的AI助手,很有可能正在偷取你的数据!
- 挖不到高危就去“捡垃圾”
- 为什么厉害的红队er都有自己的“小圈子”?
- 上周面试一个技术岗,前30分钟聊得不错。问到离职原因,他顿了顿 “跟部门一个同事闹了矛盾,领导偏私,搞得每天上班很压抑,索性走了。
- N0.1只有肯动手实践的人才是社区最适合的人
- 被毕业的同事并没有消失
- [技术深浅] Linux提权完全指南
- no money 获得openclaw同款推送
- 小白也能学会的红队基础:隐匿、工具、流量、善后全攻略
- Upload Labs 第12关:利用 %00 截断修改保存路径实现上传绕过。
- 想监控内网传输的文件?用Suricata这个功能就够了
- Agent开发|从0实现Agent(四):构建基于DAG图的任务系统(复杂任务协同篇)
- 前置准入平台 - 守一(Soone)
- 介绍视频
- 【漏洞通告】HCL Traveler存在信息泄露漏洞(CVE-2026-21783)
- 【漏洞通告】Ubiquiti UniFi Network Server存在输入验证错误漏洞(CVE-2026-22559)
- 【漏洞通告】sbt存在命令注入漏洞(CVE-2026-32948)
- 【漏洞通告】NVIDIA SNAP-4 Container存在拒绝服务漏洞(CVE-2025-33215)
- 【漏洞通告】NVIDIA SNAP-4 Container存在缓冲区溢出漏洞(CVE-2025-33216)
- 这个开源工具能自动检查安全漏洞
- 超 4.8 亿下载!LiteLLM 遭恶意投毒
- frida课程更新
- CSS 也能拿 Shell?解析Chrome在野 0-day 漏洞 CVE-2026-2441
- 【0day】深科特 LEAN MES系统 /Handler/MobileAppLogin.ashx SQL注入漏洞
- 【0day】深科特 LEAN MES系统 DownLoad.aspx 任意文件读取漏洞
- [漏洞复现]微力同步-Verysync任意文件读取漏洞(VEID-2026-11111)
- 这个人以什么为生
- 使用 opencode 开发微信小程序会议系统
- C23-X05 魅影潜伏与仿冒陷阱:银狐组织借OpenClaw安装包实施攻击活动深度分析
- 安徽普思标准技术: 从R155到GB:汽车网络安全法规分析与企业应对策略
- 智能汽车网络安全与信息安全基础培训课程 2026
- 陕西汽车控股集团: 车辆UN ECE R155认证方案解析
- 从源码到上线:Rust 单文件 Loader 的免杀Defender艺术
- CastelFirm 正式上线!AI 驱动挖掘 80+ 真实 0-day,固件安全的"王炸"来了
- 安卓逆向第二阶段正式完结!三阶段来了,EXP开发、Frida与AI逆向机器人、算法还原与模拟、设备指纹与游戏分析。木鱼沙箱内测
- 【权限维持BOF】:JHeart 一键扫描上线主机“白加黑”维权点
- OpenClaw 近期安全漏洞修复汇总报告
- G.O.S.S.I.P 阅读推荐 2026-03-26 先污染后治理
- @所有人,5月北京见!渊亭科技军事智能产品体系全线升级
- 跟着红队笔记打靶:FourAndSix2.01
- 一文聊透AI里的Token
- Wazuh 实战:Agent 掉线告警从 Level 3 到三层防御体系
- 2026 美团科研合作课题 | 公开征集启动
- 报名|ICLR 2026 美团学术论文精选及分享会(下)
- Gartner观点:2026年数据和分析重要趋势预测
- 项目推荐 | 专注于PHP代码审计的Skill
- 供应链预警|LiteLLM、Apifox两起供应链投毒事件,请尽快应急
- 微软发布新指南,以检测和防御供应链攻击
- GitHub 上出现的虚假 VS Code 安全警报被用于大规模网络钓鱼活动中推送恶意软件
- 中信银行从AI First迈向AI Fast,“十五五”末实现90%以上核心业务流程AI重塑
- AI快讯:淘宝天猫将上线“龙虾版”生意管家,千万级Token赠送启动,Meta新一轮裁员数百人
- 招商银行厦门分行医疗场景机器人项目供应商征集
- 【安全圈】虚假OpenClaw代币赠礼活动瞄准GitHub开发者实施钱包清空骗局
- 【安全圈】卡巴斯基示警微软用户:无代码 AI 工具沦为网络钓鱼“隐形外衣”
- 【安全圈】热门 Python 库 LiteLLM 遭供应链攻击,后门窃取凭证和认证令牌
- 红队工具 - MDUT-Extend 植入高级间谍木马(RAT)全链路分析
- Apifox 投毒事件深度分析:供应链攻击敲响开发者工具安全警钟
- 论坛·原创 | 创新探索数字时代全球网络空间治理的中国方案
- 国家安全部:谨防深度伪造魔改陷阱
- 专家解读 | 健全衍生数据治理机制 释放数字经济新动能
- 观点 | 探索人工智能环境下的数据安全治理路径
- 评论 | 强化打击跨境电诈的执法合力
- 对标2026 RSAC创新沙盒冠军,方向竟如此一致!绿盟科技以中国方案守护AI智能体安全
- 奥尔登堡大学 | SoK:从 CTI 报告中自动化抽取 TTP——我们真的做到这一步了吗?
- 天融信:「Apifox、LiteLLM、Context Hub」AI供应链投毒事件分析(附报告下载)
- LiteLLM供应链投毒事件分析
- 又一个开发工具沦陷,Apifox遭供应链投毒攻击
- RSAC 2026现场:全球网络安全大厂都发布了哪些新品?
- 欧洲最大渔港因勒索攻击运营中断,被迫人工维持货运作业
- 信任劫持:ClawHub漏洞让攻击者轻松刷榜,摇身一变成为热门首选技能
- 探索AI时代下CMMI融合创新与实践路径——“走进CMMI优秀案例企业”首站活动在信安世纪成功举办
- 今年的春招,比往年都要惨烈!
- 脱离业务的风险管控都是空谈?亿格云枢AI-IRM:懂业务的风险“调查官”
- 安言咨询:金融法草案发布,对金融业网络安全工作有什么影响?
- 免费赠送 | 青少年安全意识科普素材(第二十期)
- OpenClaw 的那些神奇技能
- 团体标准小课堂第一期:什么是团体标准?
- 省经信厅办公室关于启动2026年企业上云服务券申领工作的通知
- 首届一流网安人才培养学生工作论坛成功举办
- MDUT-Extend 黑吃灰投毒事件深度溯源分析报告
- 2026数字中国创新大赛数字安全赛道暨三明市第六届"红明谷”杯大赛WP
- 《命运石之门》:不该被低估的科幻神作
- 西安市网信办通报一批涉网络安全、数据安全典型案例
- 中国信通院院长余晓晖:AI企业需主动加强大模型、智能体等技术安全加固
- CAN信号的Intel格式和Motorola格式有什么区别?
- Recent Commits to cve:main
- Tenable Blog
- No Headback
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Sucuri Blog
- ElcomSoft blog
- Insinuator.net
- Sandfly Security Blog RSS Feed
- Bug Bounty in InfoSec Write-ups on Medium
- Reverse Engineering
- Malwarebytes
- Securelist
- daniel.haxx.se
- 明天的乌云
- bishopfox.com
- 奇客Solidot–传递最新科技情报
- 绿盟科技技术博客
- 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 腾讯玄武实验室
- 代码卫士
- 安全分析与研究
- 黑鸟
- 信安之路
- 威努特安全网络
- 安全内参
- 白帽100安全攻防实验室
- 绿盟科技研究通讯
- 奇安信 CERT
- 全频带阻塞干扰
- 微步在线研究响应中心
- 看雪学苑
- 绿盟科技CERT
- 天御攻防实验室
- 中国信息安全
- 安全研究GoSSIP
- 天黑说嘿话
- 微步在线
- 安全学术圈
- 安全圈
- 安全牛
- 黑哥虾撩
- NOVASEC
- 补天平台
- M01N Team
- 极客公园
- 软件安全与逆向分析
- 数世咨询
- 嘶吼专业版
- 情报分析师
- 枇杷熟了
- 腾讯安全威胁情报中心
- TrustedSec
- 美团技术团队
- 迪哥讲事
- Over Security - Cybersecurity news aggregator
- Web Shells: Types, Mitigation & Removal
- Ajax football club hack exposed fan data, enabled ticket hijack
- CISA: New Langflow flaw actively exploited to hijack AI workflows
- Alleged RedLine malware developer extradited to US, faces up to 30 years
- TP-Link, Canva, HikVision vulnerabilities
- A puppet made me cry and all I got was this t-shirt
- Apple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacks
- US official accuses China of supporting, exploiting cyber scam crisis in Southeast Asia
- Diventare resilienti by design: proteggere il perimetro non basta più
- Gemini sul Dark Web: strumento di difesa o nuova frontiera del controllo?
- Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware
- UK sanctions Xinbi marketplace linked to Asian scam centers
- Apple rolls out age verification to UK iPhone users
- A major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to know
- Top Dark Web Telegram Groups & Channels (2026)
- WhatsApp rolls out more AI features, iOS multi-account support
- TikTok for Business accounts targeted in new phishing campaign
- Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
- Coruna iOS exploit framework linked to Triangulation attacks
- EU investigating Snapchat and pornography sites in child safety crackdown
- Russia arrests suspected owner of LeakBase cybercrime forum
- Talos Takes: 2025 insights from Talos and Splunk
- Russia detains alleged admin of LeakBase cybercrime forum weeks after global crackdown
- UK sanctions Chinese crypto marketplace tied to scam compounds
- Suspected RedLine infostealer malware admin extradited to US
- Nova Scotia Power Data Breach Compromises Data of Over 900,000 Users
- An AI gateway designed to steal your data
- 1-15 March 2026 Cyber Attacks Timeline
- Global Magecart Campaign Puts Banks Under Pressure, Leveraging Redsys Payment Mimicry and Hijacking
- Three Individuals Charged for Trying to Smuggle ‘America-Made’ AI Tech Worth $170M
- Resilienza digitale 2.0: integrare l’AI nel perimetro di sicurezza DORA
- La nuova Cyber Strategy USA va oltre i confini nazionali: i 6 pilastri operativi
- Node.js Fixes Critical Flaws, Patches DoS Risk in Latest Security Update
- Attacco alla sanità: ecco perché una cartella clinica vale fino a mille euro nel dark web
- Coruna: the framework used in Operation Triangulation
- Port of Vigo Hit by Ransomware Attack, Cargo Systems Disrupted
- The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break
- RedLine Infostealer Network’s Second Defendant Now Faces a U.S. Court
- ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026
- Scuf Gaming - 128,683 breached accounts
- Kali Linux 2026.1 Launches with 8 New Tools, UI Refresh, and Kernel Upgrade
- Sound Radix - 292,993 breached accounts
- Magento sotto attacco: PolyShell, sfruttamento di massa in pochi giorni
- Tails - News
- 安全行者老霍
- bellingcat
- HACKMAGEDDON
- ICT Security Magazine
- 吾爱破解论坛
- SANS Internet Storm Center, InfoCON: green
- Have I Been Pwned latest breaches
- Schneier on Security
- The Hacker News
- China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
- [Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
- Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
- Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
- ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks
- WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites
- Trend Micro Research, News and Perspectives
- TorrentFreak
- The Register - Security
- Security Affairs
- U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog
- Coruna exploit reveals evolution of Triangulation iOS exploitation framework
- Researchers uncover WebRTC skimmer bypassing traditional defenses
- Russian authorities arrest alleged LeakBase admin behind stolen data marketplace
- 熵减矩阵
- Deep Web
- Tor Project blog
- Computer Forensics
- Your Open Hacker Community
- Blackhat Library: Hacking techniques and research
- Information Security
- Meet LeakNet - the ransomware group that gets you to hack yourself
- Detection Engineers/SOC Analysts: Wondering about what was the most useful thing you guys found that really helped to bridge the gap in terms of the lack of context in order to fine tune the alert more easily. -or claim as False Positive quickly-
- Participants needed for university research on deepfake detection (18+, Computing Related Fields, 8–10 min)
- Risk Justification Engine - Is this a framework engine that would help CISOS
- Risk Justification Engine - Is this a Frame that help with politics flow
- How a single unpatched Go dependency almost cost us a SOC 2 certification
- netsecstudents: Subreddit for students studying Network Security and its related subjects
- can you guys pls explain to me how email account get hacked and what to do after?
- Shadow AI is outpacing IT’s ability to track it, and the real issue isn’t security
- This might sound cheesy, but does anyone know of a community/group I could join focused on netsec?
- Looking for a beginner learning partner in cybersecurity
- Made a CTF from a server I actually had in production — 10 routes, AI coach optional
- Technical Information Security Content & Discussion
- Making NTLM-Relaying Relevant Again by Attacking Web Servers with WebRelayX
- Disabling Security Features in a Locked BIOS
- Magento PolyShell – Unauthenticated File Upload to RCE in Magento (APSB25-94)
- Dangerous by Default: What OpenClaw CVE Record Tells Us About Agentic AI
- Common Entra ID Security Assessment Findings – Part 1: Foreign Enterprise Applications With Privileged API Permissions
- Exploiting AQL Injection Vulnerabilities in ArangoDB
- What I Learned from a $2,000 Pen Test
- LiteLLM malware supply chain attack analysis (pt-BR only, sorry)
- GRAHAM CLULEY
- Deeplinks
- Security Weekly Podcast Network (Audio)