[每日信息流] 2026-01-28 #1131
Description
每日安全资讯(2026-01-28)
- Private Feed for M09Ic
- pydantic released v1.48.0 at pydantic/pydantic-ai
- bolucat released 202601271949 at bolucat/Archive
- CHYbeta starred scabench-org/hound
- kyxiaxiang starred username639/Vac-Emulator
- huoji120 starred username639/Vac-Emulator
- spf13 starred steveyegge/gastown
- ayoubfaouzi released v1.1.0 at ayoubfaouzi/al-khaser
- Rvn0xsy starred joaovarelas/Obfuscator-LLVM-16.0
- mgeeky starred BinaryDefense/artillery
- gh0stkey starred protectai/vulnhuntr
- PrefectHQ released 3.6.14.dev5 at PrefectHQ/prefect
- CHYbeta starred bmad-code-org/BMAD-METHOD
- zema1 starred evilmartians/lefthook
- gh0stkey starred allthingsida/idasql
- Rvn0xsy starred TheWover/donut
- Rvn0xsy forked Rvn0xsy/agentfs from tursodatabase/agentfs
- zema1 starred jellydator/ttlcache
- whwlsfb starred adrgs/requestrepo
- CHYbeta starred nghyane/llm-mux
- timwhitez starred Syngnat/missav-bot
- gh0stkey starred bmad-code-org/BMAD-METHOD
- Doonsec's feed
- 【资料】开源情报(OSINT)2025现状
- 年薪120万信息安全总监被同事吐槽只会三板斧
- 全球无线网络位置数据库(Wi-Fi/蜂窝/蓝牙)
- 【高危漏洞预警】Microsoft Office安全功能绕过漏洞(CVE-2026-21509)
- 工具 | 全球威胁与事件情报地图-战争、冲突、军事基地和国家历史
- 我用AI「做小红书」,一周涨粉500,终于赚到了第一笔广告费
- 疑湾湾一架F-16战机在高雄地区坠毁
- 大道至简-AI赋能FindSomething实现高可用性前端敏感信息与未授权路径快速分析-渗透测试必备
- 搞成一次快手这样攻击效果黑客要花多少钱?
- 学术前沿 | 中国科学技术大学林璟锵教授团队:隐私保护单点登录服务的门限IdP服务器方案
- 手机限速后,网站为何成了“背锅侠”?一次抓包引发的深思
- DeepSeek-R1 封神!霸榜代码安全审计
- 民警少加班,企业快决策!国投智能股份发布“数据智能全家桶”
- 铸就专业高度|电子数据调查分析技术(高级)线上培训报名启动
- 关于举办“AI安全攻防与测试”培训2026年03月的开班通知
- 2026-现代化数字网络技能增长三部(第2)
- 其实Linux脚本一点都不难!
- 【AI安全】DeepSeek-R1 封神!霸榜代码安全审计
- 2026年别再乱考证了,这几个证书才是硬通货!
- 新年提升不踩坑,从0元试学开始!
- 稳定币是什么
- 暗藏杀机的 Hugging Face【AI安全第十期】
- 国际船级社协会(IACS)统一要求 E26 和 E27:弥合法规与实施之间的差距 —— 从合规走向优势
- 智能船舶网络安全与系统防护专项培训课程 2026
- E26 和 E27—— 弥合法规与实施之间的差距:连接解决方案提供商的视角
- Webshell 利用平台 - MatouWebshell
- [免杀] 天堂之门
- 一种利用 HTTP 重定向循环的新型 SSRF 技术
- 关于《道路机动车辆生产企业准入审查要求》和《道路机动车辆产品准入审查要求》中的安全问题解读
- 不用MimiKatz,怎么获取windows凭证
- 每日安全动态推送(26/1/27)
- 新型“Stanley”黑产 MaaS 遭曝光,可令钓鱼扩展通过谷歌 Chrome 商店审核
- APT黑客利用GOGITTER工具和GITSHELLPAD恶意软件攻击印度政府
- 千万当心!B站涌现大量新号散播病毒:发视频宣传带毒图吧工具箱
- 电脑内存大清理:别让垃圾吃掉你的速度
- 新春补课节:马年第一课,3大福利都给你准备好了
- 最近ai编程使用
- Apache Hadoop 漏洞暴露系统,可能导致崩溃或数据损坏
- Tenable Blog
- Google Online Security Blog
- 奇安信攻防社区
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Microsoft Security Blog
- Armin Ronacher's Thoughts and Writings
- paper - Last paper
- SecWiki News
- Recent Commits to cve:main
- Insinuator.net
- Blog - Atredis Partners
- Securelist
- GuidePoint Security
- Malwarebytes
- text/plain
- HackerNews
- 奇客Solidot–传递最新科技情报
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- rtl-sdr.com
- Shostack & Friends Blog
- 雷神众测
- 安全分析与研究
- 黑鸟
- CT Stack 安全社区
- 威努特安全网络
- 青衣十三楼飞花堂
- 奇安信 CERT
- 青山青吖
- 代码卫士
- 安全学术圈
- 安全内参
- 安全圈
- 中国信息安全
- 长亭科技
- 看雪学苑
- 安全牛
- 网络空间安全科学学报
- 数世咨询
- 火绒安全
- 极客公园
- 情报分析师
- 京东安全应急响应中心
- 迪哥讲事
- 字节跳动技术团队
- 360数字安全
- 国家互联网应急中心CNCERT
- Arturo Di Corinto
- Over Security - Cybersecurity news aggregator
- Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
- Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
- Judge dismisses case alleging use of Flock cameras in Virginia city is unconstitutional
- WhatsApp unveils anti-spyware ‘lockdown’ feature
- WinRAR path traversal flaw still exploited by numerous hackers
- Chinese money launderers moved more than $16 billion of illicit crypto in 2025, report finds
- Nike investigates data breach after extortion gang leaks files
- Prompt injection e Agenti AI: l’approccio multilivello e proattivo per difendersi
- Sfruttate utenze della PA compromesse per tentare il furto di credenziali Microsoft 365 tramite Figma
- Critical sandbox escape flaw discovered in popular vm2 NodeJS library
- Allarme truffe, nuove campagne di phishing SPID: analisi delle tecniche e dei rischi
- Dozens more are charged in Ploutus ATM jackpotting conspiracy
- PackageGate: trovati sei bug zero-day nei package manager, ma NPM non interviene
- US charges 31 more suspects linked to ATM malware attacks
- Nike probes potential cyber incident after hackers claim data leak
- From Cipher to Fear: The psychology behind modern ransomware extortion
- NIS2 e Cybersecurity Act 2: verso una semplificazione matura della compliance europea
- Over 6,000 SmarterMail servers exposed to automated hijacking attacks
- Russian security systems firm Delta hit by cyberattack, services disrupted
- UK plans sweeping overhaul of policing amid surge in online crimes
- Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
- AI nella cyber security: tra opportunità di difesa e nuovi rischi per la sicurezza digitale
- Your Cloud(s). Adversaries’ Chance At Control
- I primi minuti di un incidente di sicurezza come fondamento della prova forense
- HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
- SoundCloud - 29,815,722 breached accounts
- New malware service guarantees phishing extensions on Chrome web store
- Securityinfo.it
- bellingcat
- Have I Been Pwned latest breaches
- ICT Security Magazine
- IoMT e il paradosso della certificazione: quando la compliance normativa ostacola la cybersecurity dei dispositivi medicali
- Prova digitale tra garanzie costituzionali, prassi operative e “copia-mezzo”
- Responsabilità dei sistemi AI e decisioni automatizzate: il nuovo paradigma giuridico dell’era algoritmica
- Troy Hunt's Blog
- Full Disclosure
- Re: Multiple Security Misconfigurations and Customer Enumeration Exposure in Convercent Whistleblowing Platform (EQS Group)
- SEC Consult SA-20260126-2 :: UART Leaking Sensitive Data in dormakaba registration unit 9002 (PIN pad)
- SEC Consult SA-20260126-1 :: Multiple Critical Vulnerabilities in dormakaba Access Manager
- SEC Consult SA-20260126-0 :: Multiple Critical Vulnerabilities in dormakaba Kaba exos 9300
- 娜璋AI安全之家
- CENSUS
- Schneier on Security
- The Hacker News
- WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
- Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
- ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
- CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
- Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation
- Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
- China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
- TorrentFreak
- Security Affairs
- WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users
- Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
- U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
- Amnesia RAT deployed in multi-stage phishing attacks against Russian users
- Dormakaba flaws allow to access major organizations’ doors
- Instapaper: Unread
- The Register - Security
- Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle
- Let them eat sourdough: ShinyHunters claims Panera Bread as stolen credentials victim
- China-linked group accused of spying on phones of UK prime ministers' aides – for years
- France to replace US videoconferencing wares with unfortunately named sovereign alternative
- Microsoft illegally installed cookies on schoolkid's tech, data protection ruling finds
- High Court to grill London cops over live facial recognition creep
- Office zero-day exploited in the wild forces Microsoft OOB patch
- SANS Internet Storm Center, InfoCON: green
- Deeplinks
- Security Weekly Podcast Network (Audio)