[每日信息流] 2026-01-27 #1130
Description
每日安全资讯(2026-01-27)
- Doonsec's feed
- 如果是我,我有没有别的办法?
- 网络安全自学书单(6本)
- 全球瞭望|网络安全重大事件精选(197期)
- 这款手机能当安卓机、Linux 工作站、Windows PC 用?
- 丝滑注入之万能钥匙
- 破防的helen有多可怕
- 手把手教你成为白帽黑客!Web架构基础(中)
- 马化腾1月26日讲话重点-AI动作慢了
- 于正的“真实腹肌”难倒AI?
- 【协会风采】理事单位:福建省四信数字科技集团有限公司
- DumpGuard:首个公开绕过Windows Credential Guard的凭据提取工具
- c2各种源码分析视频教程规划
- 此刻起,立马开启无限AI之旅!众多模型等你使用!
- 每日课程更新
- 闲置主机 + 白嫖Claude:零成本打造7x24小时的AI牛马
- 软件定义车辆的网络安全
- 软件定义汽车(SDV)核心技术培训课程 2026
- 车轮上的代码 —— 软件定义汽车的安全与网络安全策略
- 东南大学 |ByteDance :让字节在多视角加密流量分类中表现卓越
- G.O.S.S.I.P 阅读推荐 2026-01-26 以“包”之名
- 百度:智能驾驶一线攻防实战
- 16_等保系列之等级保护、风险评估和安全测评三者的区别
- 多协议安全测试工具 - MPET
- 将网络内容转换为LLM适用数据
- CVE-2025-55182 的 POC,可在 Next.js 16.0.6 上运行
- REINFORCE 越狱攻击让 Llama 3 彻底黑化
- 15_等保系列之三保一评联系与区别
- 开源计算机科学学位
- 马斯克:5年内AI智慧将超越全人类!
- 今日腊八节!
- 红队C2工具--vshell
- 超棒的数学
- MS365 高级版(原copilot pro)使用智能体模式
- 聊聊信息安全、网络安全和数据安全三个概念
- 国家网信办就《金融信息服务数据分类分级指南(征求意见稿)》公开征求意见
- 极客无疆——2025京麒白帽大会暨JSRC年终盛典圆满落幕!
- 论坛·原创 | “一带一路”背景下中国海外数字利益保护问题与对策
- 国安部提示:对网络空间恶意“带节奏”的乱象要时刻保持警醒
- 通知 | 国家网信办就《金融信息服务数据分类分级指南(征求意见稿)》公开征求意见
- 评论 | 平台要当好招聘信息“守门人”
- 警惕!GNU Inetutils telnetd 9.8分高危漏洞来袭,附批量可视化检测工具
- 普通人用AI赚第一桶金:不用会技术,从小钱开始,落地就有钱
- Lazarus黑客积极攻击欧洲无人机制造公司
- Webshell网络安全应急响应
- 新120万年薪的网络安全总监的,他竟然…
- 央视《新闻联播》:2025年我国数字产业收入超38万亿元
- 学术前沿 | 西安交通大学蔺琛皓教授团队:跨场景下基于人机交互行为的儿童识别技术
- 【接口漏洞第八章第六节】GraphQL端点发现了,然后呢?实战利用自省功能“透视”API
- Private Feed for M09Ic
- xnl-h4ck3r released v8.3 at xnl-h4ck3r/waymore
- bolucat released 202601261945 at bolucat/Archive
- joaoviictorti starred JelteF/derive_more
- PrefectHQ released 3.6.14.dev3 at PrefectHQ/prefect
- itm4n released 2026.01.26-1 at itm4n/PrivescCheck
- Mel0day starred clawdbot/clawdbot
- kpcyrd starred lucasgelfond/zerobrew
- su18 starred clawdbot/clawdbot
- gh0stkey starred enspirit/elo
- Ridter starred clawdbot/clawdbot
- pmiaowu starred fr33d3m0n/skill-threat-modeling
- panjf2000 starred clawdbot/clawdbot
- DVKunion starred caddyserver/caddy
- SecWiki News
- Der Flounder
- 安全客-有思想的安全新媒体
- CVE-2026-23594:HPE Alletra和Nimble中存在高严重性漏洞可被利用获取管理员权限
- OpenAI发力TOB市场,瞄准企业客户与高价值商业场景
- “SymPy”仿冒品:域名抢注式攻击将数学库沦为加密货币挖矿工具
- 破坏与野外利用:LA-Studio Element Kit中发现严重后门
- 黑客利用“rn”拼写欺诈手段,在新型钓鱼攻击中仿冒微软与万豪
- Mac 用户警惕:“MacSync”恶意软件诱导你“亲手”入侵自己的设备
- CVE-2026-22822:External Secrets Operator严重漏洞破坏命名空间隔离机制
- Google推出「个人智能」AI模式,打造专属个性化搜索体验
- Microsoft 365全球宕机事件:2026年1月22日多国业务停摆
- GNU InetUtils telnetd严重漏洞可让攻击者绕过登录获取root权限
- Recent Commits to cve:main
- CXSECURITY Database RSS Feed - CXSecurity.com
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Microsoft Security Blog
- 美团技术团队
- 奇安信攻防社区
- ElcomSoft blog
- Cerbero Blog
- Horizon3.ai
- LevelBlue SpiderLabs Blog
- Bug Bounty in InfoSec Write-ups on Medium
- Binary Ninja
- Inside Stormshield
- Malwarebytes
- Reverse Engineering
- /r/ReverseEngineering's Weekly Questions Thread
- Roadmap and Resources for Hardware Reverse Engineering
- Certificate Transparency as Communication Channel
- static_asm: compile-time C++20 x86/x64 assembler
- R2web: Access radare2 from anywhere, anytime. Now r2become more easier to be accessible than before, no local installation required use it anytime, anywhere from any device
- daniel.haxx.se
- 绿盟科技技术博客
- HackerNews
- Security Blog | Praetorian
- 奇客Solidot–传递最新科技情报
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 安全分析与研究
- 黑鸟
- 威努特安全网络
- 安全客
- 代码卫士
- 安全内参
- 青山青吖
- 绿盟科技研究通讯
- 二道情报贩子
- RapidDNS
- 安全研究GoSSIP
- 信息安全国家工程研究中心
- 丁爸 情报分析师的工具箱
- 安全圈
- 网安杂谈
- 看雪学苑
- 中国信息安全
- 补天平台
- 网络空间安全科学学报
- XCTF联赛
- 安全牛
- 电子物证
- 嘶吼专业版
- 极客公园
- 火绒安全
- 微步在线
- 慢雾科技
- 数世咨询
- 斗象智能安全
- 京东安全应急响应中心
- 威胁猎人Threat Hunter
- 迪哥讲事
- OnionSec
- 360数字安全
- 情报分析师
- Over Security - Cybersecurity news aggregator
- Google agrees to pay $68 million to settle voice recording lawsuit
- Here’s the tech powering ICE’s deportation crackdown
- New ClickFix attacks abuse Windows App-V scripts to push malware
- Supreme Court to hear Facebook pixel tracking case
- Microsoft patches actively exploited Office zero-day vulnerability
- Digital Networks Act (Dna): i punti chiave su cyber security e protezione degli utenti
- Cloudflare misconfiguration behind recent BGP route leak
- EU launches investigation into X over Grok-generated sexual images
- Judge awards British critic of Saudis $4.1 million, finds the regime hacked his devices
- Data Act, c’è un aggiornamento delle FAQ: cosa cambia per aziende e utenti
- Stanley — A $6,000 Russian Malware Toolkit with Chrome Web Store Guarantee
- Russian state hackers likely behind wiper malware attack on Poland’s power grid
- Nearly 800,000 Telnet servers exposed to remote attacks
- 6 Okta security settings you might have overlooked
- Romania probes two suspects over alleged hitman-for-hire website
- C’è Sandworm dietro l’attacco contro il settore energetico polacco
- Attacco cyber russo alla Polonia: la guerra è in UE e nessuno si sorprende
- Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies
- EU launches formal investigation into X and Grok over sexual images
- CISA says critical VMware RCE flaw now actively exploited
- Fix Staff Shortage & Burnout in Your SOC with Better Threat Intelligence
- L’eclissi della cifratura: AI, quantum e la sfida satellitare cinese nel 2026
- ChatGPT Temporary chat feature is getting a much-needed upgrade
- 安全行者老霍
- Securityinfo.it
- 安全419
- SANS Internet Storm Center, InfoCON: green
- 网络安全回收站
- CNVD漏洞平台
- Schneier on Security
- ICT Security Magazine
- The Hacker News
- Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
- Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
- ⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
- Winning Against AI-Based Attacks Requires a Combined Defensive Approach
- Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
- Trend Micro Research, News and Perspectives
- The Register - Security
- Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
- EU looking into Elon Musk's X after Grok produces deepfake sex images
- Data thieves borrow Nike's 'Just Do It' mantra, claim they ran off with 1.4TB
- Moscow likely behind wiper attack on Poland’s power grid, experts say
- Oracle AI sailed the world on Royal Navy flagship via cloud-at-the-edge kit
- UK digital ID goes in-house, government swears it isn't an ID card
- NetSPI
- TG Soft Software House - News
- Security Affairs
- Emergency Microsoft update fixes in-the-wild Office zero-day
- ShinyHunters claims 2 Million Crunchbase records; company confirms breach
- Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint
- North Korea–linked KONNI uses AI to build stealthy malware tooling
- Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid
- TorrentFreak
- Your Open Hacker Community
- Information Security
- Deep Web
- netsecstudents: Subreddit for students studying Network Security and its related subjects
- Looking for feedback on a student project about honeypots & attack analysis
- Passed CEH 🎉 Scored 106/125 – My Exam Experience
- Final year project request: Wi-Fi security / vulnerability scanner (ready project or repo)
- Final year project suggestions
- Best laptop for 1500 for networking and cybersecurity student
- Blackhat Library: Hacking techniques and research
- Technical Information Security Content & Discussion
- /r/netsec's Q1 2026 Information Security Hiring Thread
- Bypassing Windows Administrator Protection
- After reporting vulnerabilities found in MDT, Microsoft chose to retire the service rather than fix the issues... Admins should follow the defensive recommendations to mitigate the issues if they choose to continue using the software or can’t migrate to a different solution.
- Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
- "Open sesame": Critical vulnerabilities in dormakaba physical access control system enable unlocking arbitrary doors
- AI Finds Vulnerability Chain Leading to Account Takeover and Leaked Bookings
- Computer Forensics
- Krebs on Security
- Project Zero