[每日信息流] 2026-01-29

# 每日安全资讯（2026-01-29）

- Private Feed for M09Ic
  - [ ] [mgeeky starred UnsaltedHash42/Callandor](https://github.com/UnsaltedHash42/Callandor)
  - [ ] [joaoviictorti starred 19h/rax](https://github.com/19h/rax)
  - [ ] [bolucat released 202601281945 at bolucat/Archive](https://github.com/bolucat/Archive/releases/tag/202601281945)
  - [ ] [CHYbeta starred VoltAgent/voltagent](https://github.com/VoltAgent/voltagent)
  - [ ] [xxDark starred CertainLach/pykrete-wb](https://github.com/CertainLach/pykrete-wb)
  - [ ] [CHYbeta starred infosec-us-team/onboardme](https://github.com/infosec-us-team/onboardme)
  - [ ] [Chuyu-Team released v1.1.10-Beta2 at Chuyu-Team/YY-Thunks](https://github.com/Chuyu-Team/YY-Thunks/releases/tag/v1.1.10-Beta2)
  - [ ] [phra starred MatheuZSecurity/Singularity](https://github.com/MatheuZSecurity/Singularity)
  - [ ] [mgeeky starred moltbot/moltbot](https://github.com/moltbot/moltbot)
  - [ ] [zema1 starred Adaptix-Framework/Extension-Kit](https://github.com/Adaptix-Framework/Extension-Kit)
  - [ ] [PrefectHQ released 3.6.14.dev6 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.6.14.dev6)
  - [ ] [su18 forked su18/jdwp-mcp from navicore/jdwp-mcp](https://github.com/su18/jdwp-mcp)
  - [ ] [su18 starred navicore/jdwp-mcp](https://github.com/navicore/jdwp-mcp)
  - [ ] [DVKunion starred swisskyrepo/PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)
- SecWiki News
  - [ ] [SecWiki News 2026-01-28 Review](http://www.sec-wiki.com/?2026-01-28)
- 奇安信攻防社区
  - [ ] [从Prompt注入到Agent命令执行的LLM越狱技术剖析](https://forum.butian.net/share/4745)
- Doonsec's feed
  - [ ] [QVD-2025-44295：东方通TongWeb应用服务器ejbserver远程代码执行漏洞](https://mp.weixin.qq.com/s/vjQ2lGVNCMhMNWU4pw6U1A)
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  - [ ] [Pwn2Own Automotive 2026 落幕：76 个零日漏洞被攻破，研究人员斩获百万美元奖金](https://www.4hou.com/posts/9jqY)
  - [ ] [紧急预警！2025Q4钓鱼邮件破4.25亿+银狐黑产肆虐，3大邮件安全方案速收](https://www.4hou.com/posts/mkKn)
  - [ ] [决胜2026：当AI开始攻破AI，我们还能做些什么？](https://www.4hou.com/posts/l0JV)
  - [ ] [国投智能“数据智能全家桶”重磅发布！打通数据洞察至业务行动的关键链路](https://www.4hou.com/posts/kgGK)
- Recent Commits to cve:main
  - [ ] [Update Wed Jan 28 11:09:28 UTC 2026](https://github.com/trickest/cve/commit/646fecc39c26696c9f26e3cf89b760ec9abb2597)
- 安全客-有思想的安全新媒体
  - [ ] [反制黑客：研究人员对“哈萨克远控木马”间谍攻击活动实施黑洞诱捕](https://www.anquanke.com/post/id/314594)
  - [ ] [人机验证陷阱：ClearFake恶意软件诱导用户自我入侵](https://www.anquanke.com/post/id/314580)
  - [ ] [“G_Wagon”恶意软件藏身仿冒NPM界面库，伺机窃取云服务密钥](https://www.anquanke.com/post/id/314577)
  - [ ] [CVE-2026-0994：谷歌Protocol Buffers曝出高严重性拒绝服务漏洞](https://www.anquanke.com/post/id/314571)
  - [ ] [法国将弃用Zoom和Teams，改用本土自主研发平台Visio](https://www.anquanke.com/post/id/314576)
  - [ ] [布鲁塞尔对马斯克旗下人工智能企业展开深度伪造调查，科技对峙局势升级](https://www.anquanke.com/post/id/314572)
  - [ ] [遭攻击：微软紧急修复Office零日漏洞（CVE-2026-21509），漏洞已在野被利用](https://www.anquanke.com/post/id/314561)
  - [ ] [标价6000美元的新型恶意软件工具包Stanley：借Chrome应用商店实现页面仿冒攻击](https://www.anquanke.com/post/id/314560)
  - [ ] [Descope推出面向AI代理与MCP生态的专用身份基础设施](https://www.anquanke.com/post/id/314555)
  - [ ] [CVE-2026-24656：Apache Karaf反序列化漏洞致系统面临拒绝服务风险](https://www.anquanke.com/post/id/314556)
- GuidePoint Security
  - [ ] [Security in the Vibe Code Era, Part 2: Policy Automation and the Competitive Dynamic](https://www.guidepointsecurity.com/blog/vibe-code-era-part-2-policy-automation-to-enable-the-competitive-dynamic/)
- Horizon3.ai
  - [ ] [CVE-2025-40551](https://horizon3.ai/attack-research/vulnerabilities/cve-2025-40551/)
  - [ ] [CVE-2025-40551: Another Solarwinds Web Help Desk Deserialization Issue](https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/)
- blog.avast.com EN
  - [ ] [My close call with an adoption scam and the red flags to watch for](https://blog.avast.com/adoption-scams)
- Malware-Traffic-Analysis.net - Blog Entries
  - [ ] [2026-01-20: Lumma Stealer infection with follow-up malware](https://www.malware-traffic-analysis.net/2026/01/20/index3.html)
  - [ ] [2026-01-20: VIP Recovery infection with FTP data exfiltration traffic](https://www.malware-traffic-analysis.net/2026/01/20/index2.html)
  - [ ] [2026-01-20: Xworm infection](https://www.malware-traffic-analysis.net/2026/01/20/index.html)
- Malwarebytes
  - [ ] [Malicious Chrome extensions can spy on your ChatGPT chats](https://www.malwarebytes.com/blog/news/2026/01/malicious-chrome-extensions-can-spy-on-your-chatgpt-chats)
  - [ ] [WhatsApp rolls out new protections against advanced exploits and spyware](https://www.malwarebytes.com/blog/news/2026/01/whatsapp-rolls-out-new-protections-against-advanced-exploits-and-spyware)
- Intigriti
  - [ ] [Intigriti 0126 CTF Challenge: Exploiting insecure postMessage handlers](https://www.intigriti.com/researchers/blog/hacking-tools/january-ctf-challenge-exploiting-postmessage-xss)
- daniel.haxx.se
  - [ ] [curl distro meeting 2026](https://daniel.haxx.se/blog/2026/01/28/curl-distro-meeting-2026/)
- 奇客Solidot–传递最新科技情报
  - [ ] [Vibe Coding 杀死开源](https://www.solidot.org/story?sid=83422)
  - [ ] [Anthropic 如何构建 Claude](https://www.solidot.org/story?sid=83421)
  - [ ] [OpenAI 科学部门负责人称大模型尚未准备好产生新发现](https://www.solidot.org/story?sid=83420)
  - [ ] [法国政府将用本国平台取代美国的 Teams 和 Zoom](https://www.solidot.org/story?sid=83419)
  - [ ] [印尼发现距今 6.78 万年的岩画](https://www.solidot.org/story?sid=83418)
  - [ ] [末日时钟被设定距离午夜 85 秒](https://www.solidot.org/story?sid=83417)
  - [ ] [微软错误配置将 example.com 流量重路由到日本公司域名](https://www.solidot.org/story?sid=83416)
  - [ ] [美国政府去年有逾万名 STEM 博士离职](https://www.solidot.org/story?sid=83415)
  - [ ] [利用电和空气生成汽油正走向现实](https://www.solidot.org/story?sid=83414)
  - [ ] [癌症防止阿尔茨海默病背后的机制](https://www.solidot.org/story?sid=83413)
  - [ ] [探索AI与GPU开发的无限可能，加入 NVIDIA 开发者计划，开启你的加速之旅！](https://www.solidot.org/story?sid=83412)
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  - [ ] [奔驰CEO：卢特尼克曾邀其将总部迁至美国](https://blog.upx8.com/%E5%A5%94%E9%A9%B0CEO-%E5%8D%A2%E7%89%B9%E5%B0%BC%E5%85%8B%E6%9B%BE%E9%82%80%E5%85%B6%E5%B0%86%E6%80%BB%E9%83%A8%E8%BF%81%E8%87%B3%E7%BE%8E%E5%9B%BD)
  - [ ] [特斯拉公司第四季度净利润同比大降61%](https://blog.upx8.com/%E7%89%B9%E6%96%AF%E6%8B%89%E5%85%AC%E5%8F%B8%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%BA%A6%E5%87%80%E5%88%A9%E6%B6%A6%E5%90%8C%E6%AF%94%E5%A4%A7%E9%99%8D61)
  - [ ] [英国承诺为所有劳动者提供线上AI培训](https://blog.upx8.com/%E8%8B%B1%E5%9B%BD%E6%89%BF%E8%AF%BA%E4%B8%BA%E6%89%80%E6%9C%89%E5%8A%B3%E5%8A%A8%E8%80%85%E6%8F%90%E4%BE%9B%E7%BA%BF%E4%B8%8AAI%E5%9F%B9%E8%AE%AD)
  - [ ] [日本团队启动全球首例防陆地暴雨的人工降雨实验](https://blog.upx8.com/%E6%97%A5%E6%9C%AC%E5%9B%A2%E9%98%9F%E5%90%AF%E5%8A%A8%E5%85%A8%E7%90%83%E9%A6%96%E4%BE%8B%E9%98%B2%E9%99%86%E5%9C%B0%E6%9A%B4%E9%9B%A8%E7%9A%84%E4%BA%BA%E5%B7%A5%E9%99%8D%E9%9B%A8%E5%AE%9E%E9%AA%8C)
- HackerNews
  - [ ] [SoundCloud 数据泄露事件影响 2980 万账户](https://hackernews.cc/archives/62435)
  - [ ] [俄罗斯安防系统公司 Delta 遭网络攻击致服务中断](https://hackernews.cc/archives/62433)
  - [ ] [浏览器扩展程序被曝窃取 ChatGPT 会话数据](https://hackernews.cc/archives/62434)
  - [ ] [PackageGate 漏洞威胁 JavaScript 生态系统安全](https://hackernews.cc/archives/62444)
  - [ ] [Shadowserver 发现 6000 多台易受攻击的 SmarterMail 服务器暴露于网络](https://hackernews.cc/archives/62436)
  - [ ] [朝鲜黑客利用 AI 生成的 PowerShell 后门程序瞄准区块链开发者](https://hackernews.cc/archives/62432)
  - [ ] [WhatsApp 推出”锁闭式”安全模式 保护特定用户免受间谍软件攻击](https://hackernews.cc/archives/62437)
- 安全分析与研究
  - [ ] [CNC APT组织最新攻击活动分析](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247495526&idx=1&sn=49be5f53662fd6c420e8df1d7426f2f7)
  - [ ] [伪装成WPS程序银狐黑产最新注入型攻击样本分析](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247495526&idx=2&sn=3db68533fbdd1d389022a659759453e1)
- Source Incite
  - [ ] [Samstung Part 2 :: Remote Code Execution in MagicINFO 9 Server](https://srcincite.io/blog/2026/01/28/samstung-part-2-remote-code-execution-in-magicinfo-server.html)
  - [ ] [Samstung Part 1 :: Remote Code Execution in MagicINFO 9 Server](https://srcincite.io/blog/2026/01/28/samstung-part-1-remote-code-execution-in-magicinfo-server.html)
- vivo千镜
  - [ ] [国际数据隐私日 | vivo，让每一次隐私访问都“看得见、信得过”](https://mp.weixin.qq.com/s?__biz=MzI0Njg4NzE3MQ==&mid=2247492273&idx=1&sn=e390ea5f8f96e52ceee6ac08f023e242)
- 威努特安全网络
  - [ ] [威努特全光网络：医院数字化转型的“光”引擎](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651139812&idx=1&sn=009c19ffd8e6fdbf0abcc90398b8cc46)
- 安全客
  - [ ] [耐克1.4TB核心数据被黑客组织公开：含未发布产品设计与供应链机密](https://mp.weixin.qq.com/s?__biz=MzA5ODA0NDE2MA==&mid=2649789652&idx=1&sn=34bb6ecf338873a0298daf570e2f89d7)
- Black Hills Information Security, Inc.
  - [ ] [Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions](https://www.blackhillsinfosec.com/social-engineering-and-microsoft-sspr/)
- 青衣十三楼飞花堂
  - [ ] [字幕组的平替](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247489004&idx=1&sn=9d2e83e7d7f9314cf0bbf4a9cf4595de)
- 代码卫士
  - [ ] [热门包管理器中存在多个漏洞，JavaScript 生态系统易受供应链攻击](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247524984&idx=1&sn=19aef4ce8e288278782458e430a710d8)
  - [ ] [热门 NodeJS 库 vm2中存在严重的沙箱逃逸漏洞](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247524984&idx=2&sn=e5fceae455445bc2b4660ccfb24127dd)
- 黑鸟
  - [ ] [越南黑客组织使用Ai构建网攻工具集](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451185029&idx=1&sn=c54981eeaa6e593e5c615b70b8e40ffd)
- 安全内参
  - [ ] [国家级攻防演习结果公布：政府系统全沦陷 公民数据可任意访问](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515515&idx=1&sn=c7ff819120fc57810cbe5824ce30ccee)
  - [ ] [“一带一路”背景下中国海外数字利益保护问题与对策](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515515&idx=2&sn=b8865caca549679d76ea1b14848a24df)
- 天黑说嘿话
  - [ ] [基于DeepSeek的代码审计工具 (Ai-SAST-tool.xjar)](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247485968&idx=1&sn=074cf0988ac928769975ca76f04dc391)
- 安全学术圈
  - [ ] [MEGR-APT：一种基于攻击表示学习的内存高效APT狩猎系统](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247494911&idx=1&sn=939f9df95c91231c053e837a4c333368)
- 奇安信 CERT
  - [ ] [【已复现】SmarterTools SmarterMail 远程代码执行漏洞(CVE-2026-24423)安全风险通告](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247504548&idx=1&sn=3ec06d42760edb5b95e85ea6888dae63)
  - [ ] [【在野利用】Fortinet 多款产品身份认证绕过漏洞(CVE-2026-24858)安全风险通告](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247504548&idx=2&sn=82db7c283ba71172c1615913d7671f48)
- 安全研究GoSSIP
  - [ ] [G.O.S.S.I.P 阅读推荐 2026-01-28 AI罗宾汉](https://mp.weixin.qq.com/s?__biz=Mzg5ODUxMzg0Ng==&mid=2247501345&idx=1&sn=301eae8d49d8565b27b2526cb6b15fdb)
- 信息安全国家工程研究中心
  - [ ] [深化网络空间安全综合治理主要有哪些要求？](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247502798&idx=1&sn=5e90df3daeddd62137100dd4ea6c686d)
- 安全圈
  - [ ] [【安全圈】谷歌警告WinRAR必须更新！漏洞正被黑客疯狂利用：已有大量用户中招](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652073891&idx=1&sn=5a28b35ef1f9877f68769c480ec7c614)
  - [ ] [【安全圈】Office漏洞正被黑客大量利用！2016、2019、2021、365全中招](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652073891&idx=2&sn=37b25475a55602fcc0f9d4adb0230448)
  - [ ] [【安全圈】消息称耐克遭暗网黑客入侵，1.4 TB 数据遭泄露](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652073891&idx=3&sn=1a35e5886b4e61f72d6a74b570283b18)
- XCTF联赛
  - [ ] [抢占决赛席位！“网络安全技能能手”2026年第1期培训通知](https://mp.weixin.qq.com/s?__biz=MjM5NDU3MjExNw==&mid=2247516162&idx=1&sn=f81b09b45aa46626c33ba46500df570e)
- 中国信息安全
  - [ ] [中国信通院副院长魏亮：网络安全产业发展态势洞察与对策建议](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664258292&idx=1&sn=8ddb5f682e2cb87d7b8578b9d5d6a58f)
  - [ ] [CNNVD | 关于Microsoft Office安全漏洞的通报](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664258292&idx=2&sn=b7765078147d374971d27457ccee4f3a)
  - [ ] [专家观点 | 构建更完善的个人信息保护制度框架——《互联网应用程序个人信息收集使用规定（征求意见稿）》的主要亮点与完善建议](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664258292&idx=3&sn=2b9c4f36e3019ee1c823bfbe91dae3ea)
  - [ ] [国际 | 欧盟健康数据跨境传输规则](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664258292&idx=4&sn=c4c8f6ebffb9cfecc5acbfb1e351a49a)
  - [ ] [评论 | 以共治举措守护清朗网络空间](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664258292&idx=5&sn=3cbbcf1d4192f44e4a0a45494c861f6a)
- 安全牛
  - [ ] [网络犯罪进入第五波：AI把黑客技能变成“月租服务”](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140360&idx=1&sn=7724a3acac063fbbaee35c20eea6824a)
  - [ ] [长亭科技宣布完成最新一笔5亿元融资；工信部提醒：从脚本到深度伪造：东南亚“杀猪盘”诈骗工厂的技术化运作内幕| 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140360&idx=2&sn=7207ff577e6d6aaa4f96663b4abc201f)
  - [ ] [《安全企业出海和全球化业务发展模式（2026版）》研究报告正式启动](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140360&idx=3&sn=97f17712cc8e1e1a019b83020e8165c2)
- 看雪学苑
  - [ ] [APP风控参数分析&Frida绕过](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458608753&idx=1&sn=df2711ac0d706281b8d43a466004fa88)
  - [ ] [周六19点 | 如何绕过路由器的认证机制？D-Link设备漏洞挖掘实战直播](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458608753&idx=2&sn=9a4513bbabaae7ccc05bd7139de32feb)
  - [ ] [1.4TB设计文件遭窃！Nike核心数据库被“端”，未来新品面临全面泄露风险](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458608753&idx=3&sn=8c5192d0d329c3c40325e029e7967809)
- 补天平台
  - [ ] [补天春节快闪！速来⏳10个漏洞轻松赢礼盒，限时掉落！](https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247510181&idx=1&sn=0a0f911338d32b56abb675f7cac32e68)
- 网络空间安全科学学报
  - [ ] [学术前沿 | 北京邮电大学陶小峰教授团队：星地融合网络身份认证技术综述](https://mp.weixin.qq.com/s?__biz=MzI0NjU2NDMwNQ==&mid=2247507155&idx=1&sn=022883ae664ee13ae83d319e549a2e1e)
- 阿里安全响应中心
  - [ ] [王牌A计划——十二月月度奖励](https://mp.weixin.qq.com/s?__biz=MzIxMjEwNTc4NA==&mid=2652998548&idx=1&sn=48a139b53cdc30f94ad01ab4fcf07833)
- 极客公园
  - [ ] [Clawdbot 爆火以后，这条硬件赛道成了最大受益者](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653097915&idx=1&sn=6bce7ce977e9ca3c546d9c093ffb5519)
  - [ ] [教大家一个白嫖新招：撺掇老板买这个「会议神器」，带回家搞视频自媒体](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653097903&idx=1&sn=5385b6e68ed516c448e9fb0ea4d99614)
  - [ ] [OpenAI 发布科研协作空间 Prism；比亚迪全年出货量首超特斯拉；收购 Manus，Meta 将在三大平台测试高级 AI 订阅服务｜极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653097886&idx=1&sn=2d3ed4e521a4a246a0be7d4de2a5ff3f)
- 嘶吼专业版
  - [ ] [决胜2026：当AI开始攻破AI，我们还能做些什么？](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247586526&idx=1&sn=d2109395317647c98bd7c2bd9e079342)
  - [ ] [Pwn2Own Automotive 2026 落幕：76 个零日漏洞被攻破，研究人员斩获百万美元奖金](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247586526&idx=2&sn=d2ab675855e8ce84afaf88acbcb53c9d)
- 吴鲁加
  - [ ] [公司 21 岁了](https://mp.weixin.qq.com/s?__biz=Mzg5NDY4ODM1MA==&mid=2247485849&idx=1&sn=838d8c91f09e90afe078c5da4036247f)
- 数世咨询
  - [ ] [AI 超越勒索软件，成为增长最快的网络安全风险](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541579&idx=1&sn=eb1adc44624acdc1b568c36b4581feb5)
- ChaMd5安全团队
  - [ ] [LilacCTF 2026 Writeup by Mini-Venom](https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247514105&idx=1&sn=63f1c2bc57446b7d314f20e54f6523dc)
- 火绒安全
  - [ ] [火绒小问答——「企业版」U盘使用管理](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247530177&idx=1&sn=51d2203b2ba412939dd09edf720068ed)
  - [ ] [诚邀渠道合作伙伴共启新征程](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247530177&idx=2&sn=254b0d4f62e3291771ea0adc89554cdf)
- 吾爱破解论坛
  - [ ] [手把手教你给某讯滑块的JSVMP写反编译器 (如宝宝辅食一样易懂)](https://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&mid=2651143512&idx=1&sn=4438947015b9ae3202953b4a24c6ade9)
- 深信服千里目安全技术中心
  - [ ] [【漏洞通告】Microsoft Office 安全功能绕过漏洞(CVE-2026-21509)](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525003&idx=1&sn=86cbde8e44b1d3c4a12735928ef89679)
  - [ ] [网络安全信息与动态周报2026年第4期（1月19日-1月25日）](https://mp.weixin.qq.com/s?__biz=Mzg2NjgzNjA5NQ==&mid=2247525003&idx=2&sn=33eb3b17a191f0872d3b3a5d9441f14d)
- 迪哥讲事
  - [ ] [极容易被忽视的信息泄露思路](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247498978&idx=1&sn=6db4578303907077ca6e3af506c57997)
- 360数字安全
  - [ ] [81%中高危漏洞！360年度漏洞报告出炉：攻防进入AI时代](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247584705&idx=1&sn=4905d62688a89808180dfa7a486de44f)
- 情报分析师
  - [ ] [CIA的温和提取术，揭秘特工对话渗透训练课程](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650566526&idx=1&sn=926939d435c847c531a50cb42004fcc9)
  - [ ] [【深度研判】欧盟—印度自贸协定中的“贸易替代”效应深入分析](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650566526&idx=2&sn=fb05aadc6165f635fcd4733eea02ec96)
- ICT Security Magazine
  - [ ] [Supply Chain Sovereignty: quando l’M&A diventa vettore di compromissione OT](https://www.ictsecuritymagazine.com/articoli/supply-chain-sovereignty/)
  - [ ] [Direttiva CER: resilienza delle entità critiche](https://www.ictsecuritymagazine.com/articoli/direttiva-cer/)
- 网安国际
  - [ ] [CCF网络与系统安全学术论坛在浙大举办](https://mp.weixin.qq.com/s?__biz=MzA4ODYzMjU0NQ==&mid=2652318160&idx=1&sn=70ca0408aa8405f218f405a74492e224)
- Lenny Zeltser
  - [ ] [The Chief Insecurity Officer](https://zeltser.com/chief-insecurity-officer/)
- SANS Internet Storm Center, InfoCON: green
  - [ ] [Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop&#x3f;, (Wed, Jan 28th)](https://isc.sans.edu/diary/rss/32662)
  - [ ] [ISC Stormcast For Wednesday, January 28th, 2026 https://isc.sans.edu/podcastdetail/9784, (Wed, Jan 28th)](https://isc.sans.edu/diary/rss/32660)
- Over Security - Cybersecurity news aggregator
  - [ ] [Initial access hackers switch to Tsundere Bot for ransomware attacks](https://www.bleepingcomputer.com/news/security/initial-access-hackers-switch-to-tsundere-bot-for-ransomware-attacks/)
  - [ ] [Cyberattack on Polish energy grid impacted around 30 facilities](https://www.bleepingcomputer.com/news/security/cyberattack-on-polish-energy-grid-impacted-around-30-facilities/)
  - [ ] [Who Operates the Badbox 2.0 Botnet?](https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/)
  - [ ] [eScan confirms update server breached to push malicious update](https://www.bleepingcomputer.com/news/security/escan-confirms-update-server-breached-to-push-malicious-update/)
  - [ ] [Viral Moltbot AI assistant raises concerns over data security](https://www.bleepingcomputer.com/news/security/viral-moltbot-ai-assistant-raises-concerns-over-data-security/)
  - [ ] [New sandbox escape flaw exposes n8n instances to RCE attacks](https://www.bleepingcomputer.com/news/security/new-sandbox-escape-flaw-exposes-n8n-instances-to-rce-attacks/)
  - [ ] [FTC commissioner says online age verification ‘offers a better way’ to protect kids](https://therecord.media/ftc-commissioner-age-verification-children-online)
  - [ ] [FBI seizes RAMP cybercrime forum used by ransomware gangs](https://www.bleepingcomputer.com/news/security/fbi-seizes-ramp-cybercrime-forum-used-by-ransomware-gangs/)
  - [ ] [Empire cybercrime market owner pleads guilty to drug conspiracy](https://www.bleepingcomputer.com/news/security/empire-cybercrime-market-owner-pleads-guilty-to-drug-conspiracy/)
  - [ ] [Teen swatting suspects arrested in Hungary and Romania](https://therecord.media/teen-swatting-doxxing-suspects-arrested-hungary-romania)
  - [ ] [AI Is Rewriting Compliance Controls and CISOs Must Take Notice](https://www.bleepingcomputer.com/news/security/ai-is-rewriting-compliance-controls-and-cisos-must-take-notice/)
  - [ ] [SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws](https://www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/)
  - [ ] [Cyberattack on Poland’s power grid hit around 30 energy facilities, new report says](https://therecord.media/poland-electrical-grid-cyberattack-30-facilities-affected)
  - [ ] [Grok sotto indagine UE: dall’algoritmo al danno sistemico](https://www.cybersecurity360.it/news/grok-sotto-indagine-ue-dallalgoritmo-al-danno-sistemico/)
  - [ ] [UK leaders warned country risks 'absorbing' cyber and hybrid attacks without offensive deterrence](https://therecord.media/uk-government-warned-cyber-hybrid-threats-offensive-operations)
  - [ ] [Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation](https://www.bleepingcomputer.com/news/security/hackers-hijack-exposed-llm-endpoints-in-bizarre-bazaar-operation/)
  - [ ] [Slovakian man pleads guilty to operating darknet marketplace](https://www.bleepingcomputer.com/news/security/slovakian-man-pleads-guilty-to-operating-kingdown-market-cybercrime-marketplace/)
  - [ ] [Attackers Taking Over a Real Enterprise Email Thread to Deliver Phishing](https://any.run/cybersecurity-blog/enterprise-email-thread-phishing/)
  - [ ] [New WhatsApp lockdown feature protects high-risk users from hackers](https://www.bleepingcomputer.com/news/security/whatsapp-gets-new-lockdown-feature-that-blocks-cyberattacks/)
  - [ ] [Sicurezza degli agenti LLM: serve un framework unificato](https://www.cybersecurity360.it/nuove-minacce/sicurezza-degli-agenti-llm-serve-un-framework-unificato/)
  - [ ] [When Attackers Build Better Products Than Startups](https://bfore.ai/blog/when-attackers-build-better-products-than-startups/)
  - [ ] [Data protection day: nell’era dell’AI agentica serve una disciplina di resilienza](https://www.cybersecurity360.it/news/data-protection-day-2026-giornata-protezione-ei-dati/)
  - [ ] [The Week in Vulnerabilities: Cyble Urges Oracle, OpenStack Fixes](https://cyble.com/blog/week-in-vulnerabilities-oracle-openstack/)
  - [ ] [Cyber security: sta tornando il grande rimescolamento](https://www.cybersecurity360.it/outlook/cyber-security-sta-tornando-il-grande-rimescolamento/)
  - [ ] [Perché le aziende faticano a integrare l’intelligenza artificiale](https://www.guerredirete.it/perche-le-aziende-faticano-a-integrare-lintelligenza-artificiale/)
  - [ ] [OpenAI's ChatGPT ad costs are on par with live NFL broadcasts](https://www.bleepingcomputer.com/news/artificial-intelligence/openais-chatgpt-ad-costs-are-on-par-with-live-nfl-broadcasts/)
- 安全419
  - [ ] [2026年十大关键AI安全控制措施：从深度可视到持续验证](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247552246&idx=1&sn=7be0af7439a55878711480bc43c53272)
- Instapaper: Unread
  - [ ] [Ufficio denunce, così diventa hub di triage forense](https://www.agendadigitale.eu/sicurezza/ufficio-denunce-cosi-diventa-hub-di-triage-forense/)
  - [ ] [Uk, per anni spiati i telefoni degli staff di tre Primi ministri. Sospetti sulla Cina](https://www.cybersecitalia.it/uk-per-anni-spiati-i-telefoni-degli-staff-di-tre-primi-ministri-sospetti-sulla-cina/58645/)
  - [ ] [Sfruttate utenze della PA compromesse per tentare il furto di credenziali Microsoft 365 tramite Figma](https://cert-agid.gov.it/news/sfruttate-utenze-della-pa-compromesse-per-tentare-il-furto-di-credenziali-microsoft-365-tramite-figma/)
  - [ ] [I primi minuti di un incidente di sicurezza come fondamento della prova forense](https://www.cybersecurity360.it/legal/i-primi-minuti-di-un-incidente-di-sicurezza-come-fondamento-della-prova-forense/)
  - [ ] [WhatsApp unveils anti-spyware ‘lockdown’ feature](https://therecord.media/whatsapp-spyware-anti-lockdown)
- The Hacker News
  - [ ] [Fake Moltbot AI Coding Assistant on VS Code Marketplace Drops Malware](https://thehackernews.com/2026/01/fake-moltbot-ai-coding-assistant-on-vs.html)
  - [ ] [Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid](https://thehackernews.com/2026/01/russian-electrum-tied-to-december-2025.html)
  - [ ] [Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution](https://thehackernews.com/2026/01/two-high-severity-n8n-flaws-allow.html)
  - [ ] [From Triage to Threat Hunts: How AI Accelerates SecOps](https://thehackernews.com/2026/01/from-triage-to-threat-hunts-how-ai.html)
  - [ ] [Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution](https://thehackernews.com/2026/01/critical-vm2-nodejs-flaw-allows-sandbox.html)
  - [ ] [Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks](https://thehackernews.com/2026/01/mustang-panda-deploys-updated.html)
  - [ ] [Password Reuse in Disguise: An Often-Missed Risky Workaround](https://thehackernews.com/2026/01/password-reuse-in-disguise-often-missed.html)
  - [ ] [Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088](https://thehackernews.com/2026/01/google-warns-of-active-exploitation-of.html)
  - [ ] [Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan](https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html)
  - [ ] [Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected](https://thehackernews.com/2026/01/fortinet-patches-cve-2026-24858-after.html)
- GRAHAM CLULEY
  - [ ] [Four arrested in crackdown on Discord-based SWATting and doxing](https://www.bitdefender.com/en-us/blog/hotforsecurity/four-arrested-crackdown-discord-swatting-doxing)
  - [ ] [Beware! Fake ChatGPT browser extensions are stealing your login credentials](https://www.bitdefender.com/en-us/blog/hotforsecurity/beware-fake-chatgpt-browser-extensions-are-stealing-your-login-credentials)
- SEI Blog
  - [ ] [From Concept to Practice: How SSVC Has Evolved to Make Adoption Possible](https://www.sei.cmu.edu/blog/from-concept-to-practice-how-ssvc-has-evolved-to-make-adoption-possible/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates)
- Security Affairs
  - [ ] [U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/187435/security/u-s-cisa-adds-a-flaw-in-multiple-fortinet-products-to-its-known-exploited-vulnerabilities-catalog-2.html)
  - [ ] [Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)](https://securityaffairs.com/187426/security/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858.html)
  - [ ] [PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun](https://securityaffairs.com/187416/hacking/packagegate-bugs-let-attackers-bypass-protections-in-npm-pnpm-vlt-and-bun.html)
- The Register - Security
  - [ ] [Ransomware crims forced to take off-RAMP as FBI seizes forum](https://go.theregister.com/feed/www.theregister.com/2026/01/28/fbi_seizes_ramp_forum/)
  - [ ] [Everybody is WinRAR phishing, dropping RATs as fast as lightning](https://go.theregister.com/feed/www.theregister.com/2026/01/28/winrar_bug_under_attack/)
  - [ ] [Fortinet unearths another critical bug as SSO accounts borked post-patch](https://go.theregister.com/feed/www.theregister.com/2026/01/28/fortinet_forticloud_vuln/)
  - [ ] [Old Windows quirks help punch through new admin defenses](https://go.theregister.com/feed/www.theregister.com/2026/01/28/google_windows_admin_exploit/)
- TorrentFreak
  - [ ] [Spotify’s Crackdown on Anna’s Archive Domains Hits a Jurisdiction Snag](https://torrentfreak.com/spotifys-crackdown-on-annas-archive-domains-hits-a-jurisdiction-snag/)
- Deeplinks
  - [ ] [✍️ The Bill to Hand Parenting to Big Tech | EFFector 38.2](https://www.eff.org/deeplinks/2026/01/bill-hand-parenting-big-tech-effector-382)
  - [ ] [DSA Human Rights Alliance Publishes Principles Calling for DSA Enforcement to Incorporate Global Perspectives](https://www.eff.org/deeplinks/2026/01/dsa-human-rights-alliance-publishes-principles-calling-dsa-enforcement-1)
- Security Weekly Podcast Network (Audio)
  - [ ] [Cloud Control As Leaders At Odds Over Cyber Priorities, But Require Strong Leadership - Rob Allen - BSW #432](http://sites.libsyn.com/18678/cloud-control-as-leaders-at-odds-over-cyber-priorities-but-require-strong-leadership-rob-allen-bsw-432)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[每日信息流] 2026-01-29 #1132

每日安全资讯（2026-01-29）

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[每日信息流] 2026-01-29 #1132

Description

每日安全资讯（2026-01-29）

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions