[每日信息流] 2026-04-03 #1197
Description
每日安全资讯(2026-04-03)
- Private Feed for M09Ic
- xpn starred gsd-build/get-shit-done
- anthropics released v2.1.91 at anthropics/claude-code
- github released v0.5.0 at github/spec-kit
- bolucat released 202604022104 at bolucat/Archive
- github released v0.4.5 at github/spec-kit
- ZeddYu starred motiful/cc-gateway
- CHYbeta starred gadievron/raptor
- Rvn0xsy starred bytedance/deer-flow
- zema1 starred HKUDS/OpenHarness
- Ridter forked Ridter/claude-code_evil from Ta0ing/claude-code_evil
- Ridter starred Ta0ing/claude-code_evil
- Mel0day starred openai/codex-plugin-cc
- PrefectHQ released 3.6.25.dev6 at PrefectHQ/prefect
- Doonsec's feed
- 【工具】CIA世界概况
- cnmaps 版本更新:支持全球地图边界,内置 AI Skill
- OSCP百日备考03|Windows基础全拆解!AD域渗透+提权核心,考场90%的坑都在这
- 梯形比例模型
- [ 权限过载 ]基础设施紧急恢复百分之45
- 韩国人用Python重写Claude Code!一夜爆火10万星
- 董宇辉伤了丈母娘的心
- JSSS-Find V10 重磅升级|能力全面进化
- 从PC到智能体:网络安全范式演进与未来判断
- 无线开源情报工具 WireTapper
- 【红队必备】:渗透综合性安全检测工具无影
- 某法院三级等保拓扑
- 论文研读与思考|AdvTG 一种用于欺骗的对抗性流量生成框架
- OSINT:使用 Overpass Turbo 查找监控摄像头
- 安全订阅制,为什么国内安全公司就是做不起来?
- 短信验证码防泄漏安全机制逆向分析
- MAJIC框架!90%+ 黑盒大模型越狱
- 【AI安全】MAJIC框架!90%+ 黑盒大模型越狱
- 智能分流:Hx0鹰眼让Burp只抓你想抓的
- HackMyVm靶场之Flute
- AntiDebug + 脚本实现自动测试Vue路由未授权
- 同事.skill 前任.skill 自己.skill
- HackingTool——渗透测试工具箱集成185+ 款安全工具
- 运维人的4个薪资等级,你在哪一级?
- 几个很夯的安全Skills
- SRC 实战技巧指南
- ctftools-all-in-one AI
- 中央网信办、工业和信息化部、公安部关于开展2026年个人信息保护系列专项行动的公告
- 免杀skill(装机即用)
- 第三届“长城杯”网数智安全大赛(防护赛)总决赛开赛通知
- Rapid7深度分析:2025年暗网初始访问代理市场趋势、定价与论坛格局
- G.O.S.S.I.P 阅读推荐 2026-04-02 Thought is All You Need
- 快手广告系统全面迈入生成式推荐时代!GR4AD:从Token到Revenue的全链路重构
- 2026polarisctf-Broken Trust(SQLite注入 任意文件读取)
- 三部委重磅开展个人信息保护专项行动!盛邦安全独家方案助力企业全面合规
- 关于CTF_agent的开发心得
- 美团发布原生多模态 LongCat-Next:当视觉和语音成为AI的母语
- LongCat-Flash-Prover:AI 攻克数学定理证明,不仅要“算得对”,更要“证得严”
- Qwen 3.6悄悄涨价2.5倍,阿里终于不装了?
- 第三届“长城杯”网数智安全大赛(防护赛)总决赛开赛通知
- Claude Code 30分钟挖出Vim用了三十年的0Day,收到陌生文件先别急着打开
- 4月2日,一台核电机组发生非计划停堆,机组处于安全状态,三道安全屏障功能正常,无放射性物质对外释放
- MCP也过时了?CLI 才是 AI Agent 的终极进化方向?
- 赛门铁克DLP代理漏洞允许攻击者提升权限
- Cisco IMC 存在严重漏洞,攻击者可绕过身份验证
- 交行已部署2500+AI智能体助手,将探索数字委员、数字专家应用
- AI快讯:Visa推6款AI工具改善信用卡争议处理,蚂蚁数科“专业虾”DTClaw开启内测
- 345万!贵州农商联合银行人工智能算力服务器采购项目
- 告诉你一个最稳的挣钱方法,每天200元的收入,让我乐此不疲!(内附详细教程)
- 【供应链风险综合预警】Axios 与 LiteLLM 官方包遭严重劫持与投毒
- 首家安全厂商!奇安信龙虾安全伴侣通过中国信通院OpenClaw类智能体安全防护产品能力评测
- 聚焦 “十五五” 护航现代化产业体系安全建设 德胜门大讲堂火热报名
- 中国互联网协会新标准即将落地,安全护栏已成刚需:大模型网关如何让政企安心用AI?
- Handala黑客组织声称攻陷以色列国防承包商PSK WIND公司网络
- [漏洞播报]你的电脑主板也在变的不安全,技嘉控制中心曝9.2分高危漏洞
- 记某edusrc从小程序xss到web未授权再到任意用户登录简单挖掘
- 黑客和网警相比到底谁更厉害?
- AI Native | 为什么老代码喂不动AI:代码仓库AI适配的关键改造路径
- 2026 年多部门深化 App 及重点领域个人信息违规收集问题专项治理
- 现在学黑客技术,多久能学会?这才是真相!
- Vertex AI 漏洞暴露谷歌云数据和非公开制品
- libpng 官方参考库中的这两个严重漏洞已存在30年之久
- 每日安全动态推送(26/4/2)
- Chrome 0Day漏洞遭野外利用,谷歌紧急更新修复21项高危漏洞
- Telegram零日漏洞可零点击接管设备,官方否认存在
- AI Agent狂飙突进,数据安全断层成企业生死线
- Nginx-UI备份漏洞可篡改加密配置,攻击者能注入恶意代码完全控制系统
- 请升级:技嘉控制中心曝 9.2 分高危漏洞,黑客可远程接管电脑
- 够你龙虾用半年了~ 白嫖【9000万】 Tokens !
- 白嫖【1000】个专业Skills 每一个都是你的员工
- 白嫖【15】个黑客专用AI工具 是个人都能玩会!
- 白嫖【10】款神级小工具,只要整不死 就往死里整
- 白嫖【1500G】全网最全AI安全 黑客技术 1500G免费送!
- 白嫖 各大影视平台会员 安卓可用
- 涉*卜快跑文章撤稿声明
- 三部门发布2026年个人信息保护专项行动公告
- EtherRAT 和 SYS_INFO 模块:以太坊上的 C2(EtherHiding)、目标选择、类似 CDN 的信标
- 信息安全——Secure Hardware Extensions (SHE) 之 数据存储
- CAN总线错误帧分析方法
- 专题 • 特别策划|全球人工智能治理:多元主体结构与互动机制
- 马民虎 黄道丽:AI智能体专门立法与现行法如何互补融合
- 勾结男团司机售卖艺人隐私,3人被采取刑事强制措施
- 【高危漏洞预警】Vim代码执行漏洞CVE-2026-34982
- 从无差别攻击到APT定向攻击:Apifox供应链投毒攻击链路完整剖析
- Vim 高危 RCE 漏洞预警:打开文件即执行任意命令(CVE-2026-34714)
- FLUX-Web安全扫描工具v5.4 更新~
- 无缝适配国产OSxa0火绒安全再获兼容认证
- 诚邀渠道合作伙伴共启新征程
- 技术拉满,荣誉加冕!顺丰SRC白帽技术沙龙 + 年度颁奖高能回顾
- 工业互联网标识解析体系助力物联网产业创新发展
- 海南世纪网安 “清明节” 放假及值守安排
- ai小龙虾自动挖洞获取赏金
- 今晚开始,查询XVI扩展漏洞情报免费了
- 猎影渗透测试平台 - 公开测试上线-重点说清楚:这是测试版。
- 武汉大学何德彪教授课题组两篇论文被PKC接收!
- 干货 | 携程 JDK25 升级踩坑记:一场由 G1GC “偷走”对象引发的数据静默损坏
- Recent Commits to cve:main
- SecWiki News
- Microsoft Security Blog
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- obaby 𝐢𝐧⃝ void
- 先知安全技术社区
- Corelan | Exploit Development & Vulnerability Research
- Google Online Security Blog
- Cerbero Blog
- Didier Stevens
- Inside Stormshield
- Bug Bounty in InfoSec Write-ups on Medium
- Reverse Engineering
- Malwarebytes
- SentinelOne
- Offensive OSINT
- 奇客Solidot–传递最新科技情报
- 绿盟科技技术博客
- 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 腾讯玄武实验室
- 黑鸟
- 奇安信 CERT
- 安全分析与研究
- 威努特安全网络
- 代码卫士
- 看雪学苑
- 安全内参
- 绿盟科技研究通讯
- 先进攻防
- 安全研究GoSSIP
- 情报小蜜蜂
- 安全学术圈
- 信息安全国家工程研究中心
- 中国信息安全
- 微步在线
- 天黑说嘿话
- 安全圈
- 网络空间安全科学学报
- 默安科技
- 极客公园
- 字节跳动安全中心
- 嘶吼专业版
- 数世咨询
- 补天平台
- 火绒安全
- 慢雾科技
- 斗象智能安全
- 情报分析师
- 迪哥讲事
- TrustedSec
- 美团技术团队
- 深信服千里目安全技术中心
- 安全行者老霍
- Securityinfo.it
- bellingcat
- ICT Security Magazine
- Schneier on Security
- 安全419
- Over Security - Cybersecurity news aggregator
- Vulnerability & Patch Roundup — March 2026
- Claude Code leak used to push infostealer malware on GitHub
- Nova Ransomware: between propaganda, threats, and contradictions – what emerges from direct interaction with the group
- Drift loses $280 million as hackers seize Security Council powers
- The democratisation of business email compromise fraud
- The Language of Emojis in Threat Intelligence: How Adversaries Signal, Obfuscate, and Coordinate Online
- Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea
- French Senate passes bill that would ban children under 15 from social media
- Proxy residenziali: quando la reputazione degli IP smette di funzionare
- Claude, 500mila righe di codice esposte per errore: i rischi per la supply chain software
- ICE says it bought Paragon’s spyware to use in drug trafficking cases
- Residential proxies evaded IP reputation checks in 78% of 4B sessions
- Internet in Russia al rallentatore: fra restrizioni e aggiramenti, ecco il futuro della rete dello zar
- Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks
- Medtech giant Stryker fully operational after data-wiping attack
- PanoptiCON2026 - Fuoco invisibile: la difesa inizia da ciò che sai vedere
- [Video] The TTP Ep 21: When Attackers Become Trusted Users
- App-server Codex di OpenAI: configurazione insicura espone a esecuzione di comandi remoti
- Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices
- The Malware Gap: Why Fraud & Security Controls Still Miss Mobile Malware
- Critical Cisco IMC auth bypass gives attackers Admin access
- From Reactive to Proactive: 5 Steps to SOC Maturity with Threat Intelligence
- An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases
- Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
- Qilin EDR killer infection chain
- UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications
- Phishing e attacchi AiTM: come le email compromesse diventano trampolini per spam massivo
- The Week in Vulnerabilities: AI Frameworks, VMware, and Critical ICS Exposure
- Microsoft links Classic Outlook issue to email delivery problems
- Vietnam-Linked PXA Stealer Campaign Exploits LinkedIn to Target Professionals Globally
- FBI Warns of AVrecon Malware Targeting Network Devices Across 163 Countries
- FBI Warns of Data Security Risks in Foreign-Developed Mobile Apps
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
- Claude e Firefox, l’AI accelera la ricerca di vulnerabilità e diventa parte del DevSecOps
- Hasbro Discloses Cyberattack After Unauthorized Network Access Detected
- Intesa Sanpaolo Missed Unauthorized Access for 2 Years, Regulator Reveals
- Vertex AI e il rischio dei “double agent” AI
- WhatsApp warns users of fake app used to distribute spyware
- 云鼎实验室
- SANS Internet Storm Center, InfoCON: green
- Desync InfoSec
- TG Soft Software House - News
- Security Affairs
- The Register - Security
- Deep Web
- Blackhat Library: Hacking techniques and research
- Technical Information Security Content & Discussion
- Cisco source code stolen by ShinyHunters via Trivy supply-chain attack. AWS keys breached, 300+ repos cloned and more
- SHA Pinning Is Not Enough
- Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices
- The [LinkedIn browsergate] Attack: How it works
- Your terminal is lying to you: escape sequence attacks from the 90s that still work.
- You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
- Detailed analysis of a sophisticated firefox extension malware found in the wild using browser-xpi-malware-scanner.py
- red team sandbox with real detection
- The Hacker News
- Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
- Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
- ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
- Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
- The State of Trusted Open Source Report
- WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
- Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
- TorrentFreak
- netsecstudents: Subreddit for students studying Network Security and its related subjects
- Future of Tech and Security: Strategy & Innovation with Raffy
- Your Open Hacker Community
- Information Security
- Computer Forensics
- Deeplinks
- Weakening Speech Protections Will Punish All of Us—Not Just Meta
- A Baseless Copyright Claim Against a Web Host—and Why It Failed
- Print Blocking Won't Work - Permission to Print Part 2
- Print Blocking is Anti-Consumer - Permission to Print Part 1
- Google and Amazon: Acknowledged Risks, and Ignored Responsibilities
- EFF’s Submission to the UN OHCHR on Protection of Human Rights Defenders in the Digital Age
- Speaking Freely: Jacob Mchangama
- Security Weekly Podcast Network (Audio)
- 吾爱破解论坛
- 网安寻路人