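# Daily Security News (2026-03-04)

- SecWiki News
  - [ ] [SecWiki News 2026-03-03 Review](http://www.sec-wiki.com/?2026-03-03)
- Doonsec's feed
  - [ ] [Write-up of an edusrc submission on a certificate site](https://mp.weixin.qq.com/s/2YliuA_UFayeeS-_xjOBpA)
  - [ ] [After US-Israeli airstrikes on Iran, the Strait of Hormuz sees a rare wave of GPS attacks](https://mp.weixin.qq.com/s/gf0W30cf-ftc7WWM9tRAyw)
  - [ ] [WebShell antivirus evasion: the JSP edition](https://mp.weixin.qq.com/s/SP_rfTqPagFVo3IVqgJ10Q)
  - [ ] [Write-up of a vulnerability test that nearly got me "onto the state payroll"](https://mp.weixin.qq.com/s/bxuTgsrQLUxYr7WSX1czfw)
  - [ ] [[Server-side vulnerabilities - Broken access control - Chapter 2, Section 5] Hunting niche vulnerabilities: exploitation and examples of horizontal privilege escalation](https://mp.weixin.qq.com/s/7l_SjdFgQ5nrzLVeAKc9mQ)
  - [ ] ["Getting things done" and the "top-leader project"](https://mp.weixin.qq.com/s/UDrILAw7ABsR0G2s0f9R-g)
  - [ ] [Analysis and reflections on the zero-interaction takeover attack chain against the OpenClaw local AI agent | ClawJacked [CVE-2026-25253]](https://mp.weixin.qq.com/s/ORmMMbZjLe5eUz2h35SEjQ)
  - [ ] [Lantern Festival lights shine on reunion, cybersecurity keeps you safe!](https://mp.weixin.qq.com/s/fI7ZwfRCTffQX5YiNt2EHQ)
  - [ ] [The cyber police invite you to unlock new ways to celebrate a “digital Lantern Festival”](https://mp.weixin.qq.com/s/EHrmXdJa0EjIX1gUaGlYyg)
- 安全客-有思想的安全新媒体
  - [ ] [How hackers turn Windows File Explorer into a stealthy entry point for remote access trojans](https://www.anquanke.com/post/id/314921)
  - [ ] [High-severity FreeBSD vulnerability can crash the system and enable virtual machine escape](https://www.anquanke.com/post/id/314926)
  - [ ] [Google releases Nano Banana 2 model, delivering standardized 4K AI image generation based on Gemini](https://www.anquanke.com/post/id/314930)
  - [ ] [High-severity vulnerability disclosed in multiple Zyxel routers allows remote command injection](https://www.anquanke.com/post/id/314935)
  - [ ] [High-severity vulnerability disclosed in Trend Micro Apex One can be exploited to execute malicious code](https://www.anquanke.com/post/id/314940)
  - [ ] [Phishing attacks abuse the .arpa top-level domain and IPv6 tunnels to evade detection](https://www.anquanke.com/post/id/314938)
  - [ ] [Frequent large-scale reconnaissance against SonicWall; ransomware attacks imminent](https://www.anquanke.com/post/id/314947)
  - [ ] [Vshell is becoming a common tool for threat actors, used as a Cobalt Strike alternative](https://www.anquanke.com/post/id/314951)
  - [ ] [Metasploit adds modules for a Linux RC4 vulnerability, BeyondTrust and registry persistence attacks](https://www.anquanke.com/post/id/314945)
  - [ ] [Malicious websites can hijack developers' AI agents via an OpenClaw zero-click vulnerability](https://www.anquanke.com/post/id/314922)
- Recent Commits to cve:main
  - [ ] [Update Tue Mar 3 11:34:25 UTC 2026](https://github.com/trickest/cve/commit/e890a513007973a24ec17cbc063e6ba1c0f82973)
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
  - [ ] [RoarTalk News Flash | Cybersecurity vendor updates roundup (Issue 13)](https://www.4hou.com/posts/qoGy)
  - [ ]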
[Break out of the perimeter-defense mindset! AI-driven attacks sweep 55 countries, 600 firewalls sound the alarm](https://www.4hou.com/posts/pnEy)
  - [ ] [Ransomware attacks surged in 2025, but victim payment rates fell to a record low](https://www.4hou.com/posts/jBx4)
- Microsoft Security Blog
  - [ ] [Signed malware impersonating workplace apps deploys RMM backdoors](https://www.microsoft.com/en-us/security/blog/2026/03/03/signed-malware-impersonating-workplace-apps-deploys-rmm-backdoors/)
- Tenable Blog
  - [ ] [Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations](https://www.tenable.com/blog/operation-epic-fury-potential-iranian-cyber-counteroffensive-operations)
- ElcomSoft blog
  - [ ] [Investigating Windows File System Artifacts Under C:\Windows](https://blog.elcomsoft.com/2026/03/investigating-windows-file-system-artifacts-under-cwindows/)
- Private Feed for M09Ic
  - [ ] [pydantic released v1.65.0 at pydantic/pydantic-ai](https://github.com/pydantic/pydantic-ai/releases/tag/v1.65.0)
  - [ ] [github released v0.1.13 at github/spec-kit](https://github.com/github/spec-kit/releases/tag/v0.1.13)
  - [ ] [kpcyrd contributed to nicoburns/blessed-rs](https://github.com/nicoburns/blessed-rs/pull/182)
  - [ ] [zeroclaw-labs released v0.1.8-alpha.1 at zeroclaw-labs/zeroclaw](https://github.com/zeroclaw-labs/zeroclaw/releases/tag/v0.1.8-alpha.1)
  - [ ] [kpcyrd forked kpcyrd/blessed-rs from nicoburns/blessed-rs](https://github.com/kpcyrd/blessed-rs)
  - [ ] [mgeeky starred ZephrFish/ludus-defender-lab](https://github.com/ZephrFish/ludus-defender-lab)
  - [ ] [xnl-h4ck3r released v8.6 at xnl-h4ck3r/waymore](https://github.com/xnl-h4ck3r/waymore/releases/tag/v8.6)
  - [ ] [kpcyrd contributed to rustsec/rustsec](https://github.com/rustsec/rustsec/pull/1554)
  - [ ] [rabbitmask starred ricequant/rqalpha](https://github.com/ricequant/rqalpha)
  - [ ] [safedv starred trustedsec/Titanis](https://github.com/trustedsec/Titanis)
  - [ ] [zema1 starred ricardojoserf/SAMDump](https://github.com/ricardojoserf/SAMDump)
  - [ ] [future-architect released v0.38.5 at
future-architect/vuls](https://github.com/future-architect/vuls/releases/tag/v0.38.5)
  - [ ] [lz520520 starred 0xlane/com-process-inject](https://github.com/0xlane/com-process-inject)
  - [ ] [kpcyrd contributed to archlinux/archweb](https://github.com/archlinux/archweb/pull/643)
  - [ ] [Rvn0xsy forked Rvn0xsy/Mythic-MCP from nbaertsch/Mythic-MCP](https://github.com/Rvn0xsy/Mythic-MCP)
  - [ ] [Rvn0xsy starred nbaertsch/Mythic-MCP](https://github.com/nbaertsch/Mythic-MCP)
  - [ ] [CHYbeta starred langchain-ai/deepagents](https://github.com/langchain-ai/deepagents)
  - [ ] [Mel0day starred anomalyco/opencode](https://github.com/anomalyco/opencode)
  - [ ] [ManassehZhou starred router-for-me/CLIProxyAPI](https://github.com/router-for-me/CLIProxyAPI)
  - [ ] [mgeeky starred Whispergate/berlin](https://github.com/Whispergate/berlin)
- CXSECURITY Database RSS Feed - CXSecurity.com
  - [ ] [WeGIA <= 3.6.4 Remote Code Execution via OS Command Injection](https://cxsecurity.com/issue/WLB-2026030009)
  - [ ] [WordPress Backup Migration 1.3.7 Remote Command Execution](https://cxsecurity.com/issue/WLB-2026030008)
  - [ ] [WeGIA 3.5.0 SQL Injection](https://cxsecurity.com/issue/WLB-2026030007)
- Insinuator.net
  - [ ] [BlackBoxAI: AI Agent can get your computer fully compromised](https://insinuator.net/2026/03/blackboxai-ai-agent-can-get-your-computer-fully-compromised/)
- Bug Bounty in InfoSec Write-ups on Medium
  - [ ] [Pulling Off the Heist: A Methodical HTB Takedown](https://infosecwriteups.com/%EF%B8%8F-pulling-off-the-heist-a-methodical-htb-takedown-c4829c144bb2?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [Portswigger Walkthrough Lab: Username enumeration via subtly different responses](https://infosecwriteups.com/portswigger-walkthrough-lab-username-enumeration-via-subtly-different-responses-715467f0d2e8?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [Turning Threat Intelligence into Bug Bounty Gold: A Practical
Workflow](https://infosecwriteups.com/turning-threat-intelligence-into-bug-bounty-gold-a-practical-workflow-e5f36fbf1552?source=rss----7b722bfd1b8d--bug_bounty)
- GuidePoint Security
  - [ ] [Ransomware Groups That Defined the Threat Landscape in 2025](https://www.guidepointsecurity.com/blog/ransomware-groups-in-2025-grit-2026-ransomware-cyber-threat-report/)
- Payatu
  - [ ] [Top 5 IoT Security Companies in India 2026](https://payatu.com/blog/top-5-iot-security-companies-india/)
- Reverse Engineering
  - [ ] [Reverse Engineering Crazy Taxi, Part 1](https://www.reddit.com/r/ReverseEngineering/comments/1rjy8ej/reverse_engineering_crazy_taxi_part_1/)
  - [ ] [Dealing with a modified UPX variant in DvdShrink - Quick Unpacking Walkthrough](https://www.reddit.com/r/ReverseEngineering/comments/1rjepj9/dealing_with_a_modified_upx_variant_in_dvdshrink/)
  - [ ] [Downland Unearthed Final: Porting The Game To Over A Dozen Platforms](https://www.reddit.com/r/ReverseEngineering/comments/1rjrahj/downland_unearthed_final_porting_the_game_to_over/)
  - [ ] [[Tool Release] DLLHijackHunter - Automated DLL hijacking detection with canary confirmation](https://www.reddit.com/r/ReverseEngineering/comments/1rjnbj4/tool_release_dllhijackhunter_automated_dll/)
- Malwarebytes
  - [ ] [Pentagon ditches Anthropic AI over “security risk” and OpenAI takes over](https://www.malwarebytes.com/blog/news/2026/03/pentagon-ditches-anthropic-ai-over-security-risk-and-openai-takes-over)
  - [ ] [Chrome flaw let extensions hijack Gemini’s camera, mic, and file access](https://www.malwarebytes.com/blog/news/2026/03/chrome-flaw-let-extensions-hijack-geminis-camera-mic-and-file-access)
- Exploit-DB.com RSS Feed
  - [ ] [[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution](https://www.exploit-db.com/exploits/52486)
  - [ ] [[webapps] mailcow 2025-01a - Host Header Password Reset Poisoning](https://www.exploit-db.com/exploits/52485)
  - [ ] [[webapps] Easy File Sharing Web Server v7.2 - Buffer
Overflow](https://www.exploit-db.com/exploits/52484)
  - [ ] [[webapps] WeGIA 3.5.0 - SQL Injection](https://www.exploit-db.com/exploits/52483)
  - [ ] [[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)](https://www.exploit-db.com/exploits/52482)
- HackerNews
  - [ ] [US-Israel and Iran trade cyberattacks: pro-Western hackers sow chaos, Tehran strikes back](https://hackernews.cc/archives/63377)
  - [ ] [OpenAI bans Russian propaganda network that used ChatGPT to plan influence operations in Africa](https://hackernews.cc/archives/63368)
  - [ ] [OpenClaw vulnerability: malicious websites can hijack AI agents](https://hackernews.cc/archives/63367)
  - [ ] [UK organizations urged to be alert to Iranian cyberattack threat](https://hackernews.cc/archives/63369)
  - [ ] [Suspected India-linked espionage campaign targets Pakistan, Bangladesh and Sri Lanka](https://hackernews.cc/archives/63370)
  - [ ] [US Cyber Command disrupts Iranian communications and sensor systems](https://hackernews.cc/archives/63371)
- 绿盟科技技术博客
  - [ ] [Interpreting recent security incidents in the OpenClaw ecosystem: from RCE vulnerabilities to Skill supply-chain poisoning](https://blog.nsfocus.net/openclaw%e8%bf%91%e6%9c%9f%e7%94%9f%e6%80%81%e5%ae%89%e5%85%a8%e4%ba%8b%e4%bb%b6%e8%a7%a3%e8%af%bb%ef%bc%9a%e4%bb%8erce%e6%bc%8f%e6%b4%9e%e5%88%b0skill%e4%be%9b%e5%ba%94%e9%93%be%e6%8a%95%e6%af%92/)
- 锦行科技
  - [ ] [The Fifteenth · Lantern Festival | Shangyuan lanterns light up reunion](https://mp.weixin.qq.com/s?__biz=MzIxNTQxMjQyNg==&mid=2247494798&idx=1&sn=41ad5c6155132579752594b4387e0311)
- 安全分析与研究
  - [ ] [Analysis of the latest injection-type attack sample from the Silver Fox cybercrime group disguised as a WPS program](https://mp.weixin.qq.com/s?__biz=MzA4ODEyODA3MQ==&mid=2247495756&idx=1&sn=b50b48c738709bdeee7704f5c4fb2f12)
- 黑海洋Wiki | AI机器人硬件开发 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
  - [ ] [X begins testing a standalone X Chat app on iOS](https://blog.upx8.com/X-%E5%BC%80%E5%A7%8B%E5%9C%A8-iOS-%E4%B8%8A%E6%B5%8B%E8%AF%95%E7%8B%AC%E7%AB%8B%E7%9A%84-X-Chat-%E5%BA%94%E7%94%A8)
  - [ ] [Samsung Digital Home Key lets you use your phone as a key](https://blog.upx8.com/%E4%B8%89%E6%98%9F%E6%95%B0%E5%AD%97%E5%AE%B6%E5%BA%AD%E9%92%A5%E5%8C%99%E8%AE%A9%E4%BD%A0%E5%8F%AF%E4%BB%A5%E7%94%A8%E6%89%8B%E6%9C%BA%E5%BD%93%E9%92%A5%E5%8C%99)
  - [ ] [Apple launches MacBook Pro with M5 Pro/Max chips](https://blog.upx8.com/%E8%8B%B9%E6%9E%9C%E6%8E%A8%E5%87%BAM5-Pro-Max%E8%8A%AF%E7%89%87%E7%9A%84MacBook-Pro)
- 奇客Solidot–传递最新科技情报
  - [ ] [ChatGPT uninstall rate soars 295% after Pentagon deal](https://www.solidot.org/story?sid=83670)
  - [ ] [ARM Cortex X925 desktop performance catches up with AMD
and Intel](https://www.solidot.org/story?sid=83669)
  - [ ] [Antarctica has lost 12,000 square kilometers of grounded ice over the past thirty years](https://www.solidot.org/story?sid=83668)
  - [ ] [Xiaomi Leica phone starts at 16,000 yuan](https://www.solidot.org/story?sid=83667)
  - [ ] [CO2 levels in human blood are rising too](https://www.solidot.org/story?sid=83666)
  - [ ] [Ars Technica's AI reporter departs](https://www.solidot.org/story?sid=83665)
  - [ ] [Canada's British Columbia adopts daylight saving time permanently](https://www.solidot.org/story?sid=83664)
  - [ ] [Japan plans to ban airline passengers from using power banks](https://www.solidot.org/story?sid=83663)
  - [ ] [The evolutionary advantage of left-handedness](https://www.solidot.org/story?sid=83662)
- 雷神众测
  - [ ] [雷神众测 Weekly Vulnerability Report 2026.2.9-2026.3.1](https://mp.weixin.qq.com/s?__biz=MzI0NzEwOTM0MA==&mid=2652503714&idx=1&sn=068b37a0d68b2f0ee42a3b6074c73775)
- 代码卫士
  - [ ] [Tire pressure monitoring systems from Toyota, Mercedes-Benz, Renault, Hyundai and other automakers broadcast unencrypted data, allowing vehicles to be tracked](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525298&idx=1&sn=e2d2ed5b9a5b83d6d05abef278903ad9)
  - [ ] [Chrome vulnerability lets malicious extensions escalate privileges via the Gemini panel](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525298&idx=2&sn=425ca98f5c96c967d36a88bbf4d252de)
- 天御攻防实验室
  - [ ] [Israeli intelligence tracked Khamenei's exact movements by hacking traffic cameras and deeply penetrating mobile phone networks](https://mp.weixin.qq.com/s?__biz=MzU0MzgyMzM2Nw==&mid=2247486724&idx=1&sn=8ac3e7d77e1d7db4138c7c464d60fa9a)
- 腾讯玄武实验室
  - [ ] [Daily security updates push (26/3/3)](https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651960389&idx=1&sn=21c4fc43c0d0119441a6875b5246d119)
- 丁爸 情报分析师的工具箱
  - [ ] [[Tool] Iran open-source intelligence resource websites](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651154589&idx=1&sn=62b0cf804bf5b9d87caf343cd39292b9)
  - [ ] [[Resources] Recent intelligence research papers on Israel, Iran and the United States from the Journal of Intelligence](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651154589&idx=2&sn=f689e7aa978bc8c0637f8b9e0f3a81d2)
- 看雪学苑
  - [ ] [Egg Hunter technique explained in detail](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458611833&idx=1&sn=5c759563230cf3b1bc8c8ace86c6f78e)
  - [ ] [Don't open web pages carelessly! Popular AI agent OpenClaw found to be hijackable with one click](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458611833&idx=2&sn=7595d5194725c2e978332750d52ad29f)
  - [ ] [Master attack and defense approaches for drone devices: “Introduction to Drone Security Attack and Defense” now on sale](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458611833&idx=3&sn=c1cb1bb3a89df277920d98099876a84d)
- 安全内参
  - [ ] [Behind the death of Iran's Supreme Leader: the capital's cameras, communications and base stations were deeply penetrated and controlled for years](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515621&idx=1&sn=190a4254e9ee364a2fe7a41bd667fd8d)
  - [ ] [How did US Cyber Command take part in supporting “Operation Epic Fury” against Iran?](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515621&idx=2&sn=f8af817b111500d371943e4495592cee)
- 信安之路
  - [ ] [A fun system has gone live!!!](https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&mid=2247500333&idx=1&sn=c29991a3b7f2240619d82253486325c1)
- 安全学术圈
  - [ ] [King's College London | Malicious LLM-based conversational AI induces users to disclose personal information](https://mp.weixin.qq.com/s?__biz=MzU5MTM5MTQ2MA==&mid=2247495132&idx=1&sn=979a6df99e7a8d7a9103cfd86ada4993)
- 信息安全国家工程研究中心
  - [ ] [Lantern Festival on the fifteenth of the first lunar month | Horses gallop on the spring breeze, may everything go well](https://mp.weixin.qq.com/s?__biz=MzU5OTQ0NzY3Ng==&mid=2247503025&idx=1&sn=be0e26fbb532ba70fc419e216f78dc03)
- 天黑说嘿话
  - [ ] [Tools, Skills and MCP Servers: how exactly do they differ, and how to choose?](https://mp.weixin.qq.com/s?__biz=MzI5NTQ5MTAzMA==&mid=2247486005&idx=1&sn=86d7813469d99651d6b67b06d2fa4083)
- 中国信息安全
  - [ ] [Release | Supreme People's Court publishes typical cases of punishing online violence offenses and crimes in accordance with the law](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259709&idx=1&sn=d0f3ffd5480b457841cbdefb3dc969b0)
  - [ ] [Notice | National Cybersecurity Standardization Technical Committee solicits public comments on the “Cybersecurity Standards Practice Guide: Cybersecurity Labeling, Security Requirements for Consumer Connected Cameras (Draft for Comment)”](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259709&idx=2&sn=2a6b2cbedb5778fec0349fb544edf06a)
  - [ ] [Expert commentary | Supporting data exchanges (centers) in stepping up exploration](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259709&idx=3&sn=ffc1c6520d169228b92173532e1c3bed)
  - [ ] [Commentary | Governing “AI remixing” through technical defenses and legal penalties](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664259709&idx=4&sn=baca3b72a1e7b38a274fed8cae6b4321)
- 补天平台
  - [ ] [You're invited to speak! Call for topics for the Butian 13th anniversary Beijing salon is open](https://mp.weixin.qq.com/s?__biz=MzI2NzY5MDI3NQ==&mid=2247510352&idx=1&sn=2289939710e7684c1bc1d2c90d93c787)
- 青藤云安全
  - [ ] [AI is completely rewriting the elements and rules of warfare](https://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650850960&idx=1&sn=674c33df7efd7d95a9834e26d11d735f)
- 慢雾科技
  - [ ] [MistTrack Skills released: giving AI agents on-chain AML risk analysis capabilities](https://mp.weixin.qq.com/s?__biz=MzU4ODQ3NTM2OA==&mid=2247504357&idx=1&sn=c632f2459fe03685f87d2016f1d825ee)
- 腾讯安全威胁情报中心
  - [ ]
[Tencent Cloud security threat intelligence Skill security protection program released](https://mp.weixin.qq.com/s?__biz=MzI5ODk3OTM1Ng==&mid=2247511088&idx=1&sn=652370ddb00c4d2a2e075c3b3635f564)
- M01N Team
  - [ ] [Happy Lantern Festival](https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247494733&idx=1&sn=2ac95bf8d28b79daaddb1e51a2b4d88d)
- 微步在线
  - [ ] [Silver Fox's AI agent debut, fully automated propagation | Silver Fox January-February summary](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650185558&idx=1&sn=1dcc267a989fc1d56275e4a41c700701)
- 火绒安全
  - [ ] [Lanterns light up every home, Huorong protects them all](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531081&idx=1&sn=7d2e79b734757c30e33bab002c6686ac)
  - [ ] [Channel partners sincerely invited to embark on a new journey together](https://mp.weixin.qq.com/s?__biz=MzI3NjYzMDM1Mg==&mid=2247531081&idx=2&sn=b67e0bd28f865674c3571f4ddcf78051)
- 嘶吼专业版
  - [ ] [Break out of the perimeter-defense mindset! AI-driven attacks sweep 55 countries, 600 firewalls sound the alarm](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247586938&idx=1&sn=3d5f4beba42b5b22dd48d597024fc7fd)
  - [ ] [RoarTalk News Flash | Cybersecurity vendor updates roundup (Issue 13)](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247586938&idx=2&sn=b6cf1d60b5e1eb4c1935e9deef3c5f6c)
- 吾爱破解论坛
  - [ ] [(Image credit | @Aoemax)](https://mp.weixin.qq.com/s?__biz=MjM5Mjc3MDM2Mw==&mid=2651143698&idx=1&sn=8628a5ab581b9addd8cb40f7982ee240)
- 安全牛
  - [ ] [US and Israel launch cyberattacks alongside airstrikes on Iran, domestic apps tampered with to spread anti-government messages; National Cybersecurity Notification Center publishes a new batch of overseas malicious URLs and IPs to guard against | 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140606&idx=1&sn=c58be436ee7e99a36dc90d0741a58631)
  - [ ] [OpenClaw scanner: a powerful protective tool for AI agent security and a catalyst for industry change](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651140606&idx=2&sn=01ee28ad0096ff01c27a0767ee5ff918)
- 字节跳动安全中心
  - [ ] [In-depth look: the boom, risks and defenses of the OpenClaw Skill marketplace](https://mp.weixin.qq.com/s?__biz=MzUzMzcyMDYzMw==&mid=2247496021&idx=1&sn=6230f76360222351d36711e2b1e6fa9c)
- 数世咨询
  - [ ] [The “zero-knowledge” myth shattered: researchers can break mainstream password managers with 27 attacks](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541866&idx=1&sn=722ed5200dc2d7edd1396152261e0679)
  - [ ] [Liu Liehong: advancing the building of Digital China with high-level data infrastructure](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247541866&idx=2&sn=97585929d089957bed8c2ca44a88a35e)
- 极客公园
  - [ ] [A conversation with Song Gang, head of Qwen AI hardware: in 2026, hardware must be AI
defined](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100317&idx=1&sn=448d4d2d6c1d040b7a2c7d4fab0f210c)
  - [ ] [After OpenClaw, the logic of AI startups has changed](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100317&idx=2&sn=a3554629db294b08ec094b88552c5c4e)
  - [ ] [iPhone 17e launched, starting at 4,499 yuan; Musk: within 10 years going to work will be entirely voluntary; Lu Weibing: robots will enter Xiaomi production lines within 5 years](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653100283&idx=1&sn=dfdfeb4332023085c3577034e32e8b82)
- 吴鲁加
  - [ ] [Intelligence has become cheap; what next?](https://mp.weixin.qq.com/s?__biz=Mzg5NDY4ODM1MA==&mid=2247485956&idx=1&sn=51f9d1b14d43ce797fb16b07883abed2)
- 陌陌安全
  - [ ] [2026 Lantern Festival bonus is here: vulnerability bounties doubled, Momo SRC invites you to celebrate the holiday!](https://mp.weixin.qq.com/s?__biz=MzI2OTYzOTQzNw==&mid=2247489167&idx=1&sn=470a4f3eb8f8ecf9af7d78cc355d1af1)
- 威胁猎人Threat Hunter
  - [ ] [Cross-border cheating risk: analysis of the operating models and techniques of cross-border black and gray market actors driven by high profits](https://mp.weixin.qq.com/s?__biz=MzI3NDY3NDUxNg==&mid=2247502838&idx=1&sn=8bbfc78a8e48936e4e8edcc3f37b5541)
- 360数字安全
  - [ ] [Safeguarding the 2026 National Two Sessions! 360 Web security agent switches on 7×24H critical-event protection mode](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585154&idx=1&sn=7e44e85082e7e3d0b3f6fadd17859443)
  - [ ] [Hot topic: US seeks “unrestricted AI weapons” aimed at China's critical infrastructure, Foreign Ministry responds sternly](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585154&idx=2&sn=504d35efade5de337eed61b25ee8dc17)
- 情报分析师
  - [ ] [Operation Epic Fury: an in-depth analysis of the assassination of Khamenei under AI-driven intelligence fusion](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650566987&idx=1&sn=4038fe61dc600293408484ed333b4449)
  - [ ] [Analysis of the public-opinion warfare techniques used against Iran in the joint US-Israel operation](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650566987&idx=2&sn=d9267c56a6708821359687e63155d10c)
- 迪哥讲事
  - [ ] [Cookie bomb](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499134&idx=1&sn=ace3fcfba02147e5ebaf9ba849194012)
- 国家互联网应急中心CNCERT
  - [ ] [CNVD weekly vulnerability report, 2026 issue 8](https://mp.weixin.qq.com/s?__biz=MzIwNDk0MDgxMw==&mid=2247501248&idx=1&sn=c671e79f57af6b57eb8c08427e0d245a)
- 字节跳动技术团队
  - [ ] [ICLR 2026 | Volcano Engine Multimedia Lab proposes GenDR, tackling the challenges of deploying diffusion-model super-resolution](https://mp.weixin.qq.com/s?__biz=MzI1MzYzMjE0MQ==&mid=2247518630&idx=1&sn=f2daf15842c5c96e1233a3ac4c2df9fd)
- bellingcat
  - [ ] [“Bombs will fall Everywhere”: The American, Israeli
and Iranian Weapons Being Deployed in Middle East](https://www.bellingcat.com/news/2026/03/03/bombs-will-fall-everywhere-the-american-israeli-and-iranian-weapons-being-deployed-in-middle-east/)
- ICT Security Magazine
  - [ ] [The processing of health data](https://www.ictsecuritymagazine.com/articoli/dati-sanitari/)
- Securityinfo.it
  - [ ] [Android: 129 vulnerabilities fixed, Qualcomm zero-day already exploited](https://www.securityinfo.it/2026/03/03/android-129-vulnerabilita-corrette-zero-day-qualcomm-gia-sfruttata/?utm_source=rss&utm_medium=rss&utm_campaign=android-129-vulnerabilita-corrette-zero-day-qualcomm-gia-sfruttata)
- Have I Been Pwned latest breaches
  - [ ] [Provecho - 712,904 breached accounts](https://haveibeenpwned.com/Breach/Provecho)
- Over Security - Cybersecurity news aggregator
  - [ ] [CISA flags VMware Aria Operations RCE flaw as exploited in attacks](https://www.bleepingcomputer.com/news/security/cisa-flags-vmware-aria-operations-rce-flaw-as-exploited-in-attacks/)
  - [ ] [Paint maker giant AkzoNobel confirms cyberattack on U.S.
site](https://www.bleepingcomputer.com/news/security/paint-maker-giant-akzonobel-confirms-cyberattack-on-us-site/)
  - [ ] [Facebook accounts unavailable in worldwide outage](https://www.bleepingcomputer.com/news/technology/facebook-hit-with-worldwide-outage-stating-accounts-are-unavailable/)
  - [ ] [Vulnerability & Patch Roundup — February 2026](https://blog.sucuri.net/2026/02/vulnerability-patch-roundup-february-2026.html)
  - [ ] [Microsoft: Hackers abuse OAuth error flows to spread malware](https://www.bleepingcomputer.com/news/security/microsoft-hackers-abuse-oauth-error-flows-to-spread-malware/)
  - [ ] [Hacked Tehran cameras and AI: the Mossad's lethal weapon for killing Khamenei](https://www.cybersecurity360.it/news/telecamere-di-teheran-hackerate-e-ia-larma-letale-del-mossad-per-uccidere-khamenei/)
  - [ ] [California fines national high school ticketing platform $1.1 million for privacy violations](https://therecord.media/california-fines-national-high-school-ticketing-platform-privacy)
  - [ ] [LexisNexis says hackers accessed legacy data in contained breach](https://therecord.media/lexisnexis-says-hackers-accessed-legacy-data)
  - [ ] [Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran](https://techcrunch.com/2026/03/03/hacked-traffic-cams-and-hijacked-tvs-how-cyber-operations-supported-the-war-against-iran/)
  - [ ] [Google urges Supreme Court to strike down geofence warrants as unconstitutional](https://therecord.media/google-urges-supreme-court-strike-down-geolocation-warrants)
  - [ ] [Google Chrome shifts to two-week release cycle for increased stability](https://www.bleepingcomputer.com/news/security/google-chrome-shifts-to-two-week-release-cycle-for-increased-stability/)
  - [ ] [Analysis of a multi-stage WsgiDAV campaign: fake communication from the Agenzia Nazionale Finanziaria](https://cert-agid.gov.it/news/analisi-di-una-campagna-wsgidav-multi-stage-falsa-comunicazione-da-agenzia-nazionale-finanziaria/)
  - [ ]
[Android updates for March 2026, an already exploited zero-day fixed: what to do right away](https://www.cybersecurity360.it/news/aggiornamenti-android-marzo-2026-corretta-una-zero-day-gia-sfruttata-cosa-fare-subito/)
  - [ ] [LexisNexis confirms data breach as hackers leak stolen files](https://www.bleepingcomputer.com/news/security/lexisnexis-confirms-data-breach-as-hackers-leak-stolen-files/)
  - [ ] [Cyberattacks in Iran: the 3 hypotheses behind the collapse of Internet connectivity](https://www.cybersecurity360.it/nuove-minacce/attacchi-cyber-in-iran-le-3-ipotesi-del-crollo-della-connettivita-internet/)
  - [ ] [Western allies form 6G security coalition amid tech rivalry with China](https://therecord.media/western-allies-form-6g-security-coalition)
  - [ ] [Cyber-Kinetic Warfare Escalates as Iran, US, and Israel Clash Across Military and Digital Fronts](https://thecyberexpress.com/middle-east-iran-us-israel-hybrid-warfare/)
  - [ ] [Middle East on the Brink: Iran-US-Israel Hostilities Trigger Cyber-Kinetic Conflict](https://cyble.com/blog/middle-east-iran-us-israel-hybrid-conflict/)
  - [ ] [Compromised Site Management Panels are a Hot Item in Cybercrime Markets](https://www.bleepingcomputer.com/news/security/compromised-site-management-panels-are-a-hot-item-in-cybercrime-markets/)
  - [ ] [Florida woman gets 2 year sentence for trafficking Microsoft software labels](https://therecord.media/florida-woman-sentenced-reselling-microsoft-labels)
  - [ ] [When the old PC retires, but the data stays on the job](https://www.cybersecurity360.it/soluzioni-aziendali/quando-il-vecchio-pc-va-in-pensione-ma-i-dati-restano-al-lavoro/)
  - [ ] [Iranian drone strikes hit Amazon data centers in Gulf, disrupting cloud services](https://therecord.media/iran-drone-strikes-hit-amazon-data-centers-gulf)
  - [ ] [Amazon: Drone strikes damaged AWS data centers in Middle East](https://www.bleepingcomputer.com/news/technology/amazon-drone-strikes-damaged-aws-data-centers-in-middle-east/)
  - [ ] [Star
Citizen game dev discloses breach affecting user data](https://www.bleepingcomputer.com/news/security/star-citizen-game-dev-discloses-breach-affecting-user-data/)
  - [ ] [Expanding Phishing Detection at Scale with Automatic SSL Decryption](https://any.run/cybersecurity-blog/automatic-ssl-decryption/)
  - [ ] [UH Cancer Center data breach affects nearly 1.2 million people](https://www.bleepingcomputer.com/news/security/university-of-hawaii-cancer-center-ransomware-attack-affects-nearly-12-million-people/)
  - [ ] [Home Routers in Singapore Must Meet Higher Security Standards by 2027](https://thecyberexpress.com/singapore-mandatory-cybersecurity-requirements/)
  - [ ] [Android: 129 vulnerabilities fixed, Qualcomm zero-day already exploited](https://www.securityinfo.it/2026/03/03/android-129-vulnerabilita-corrette-zero-day-qualcomm-gia-sfruttata/)
  - [ ] [WinGet Desired State: Initial Access Established](https://blog.compass-security.com/2026/03/winget-desired-state-initial-access-established/)
  - [ ] [NIS 2: consistency, updating and traceability of digital risk](https://www.cybersecurity360.it/legal/documenti-come-processo-coerenza-aggiornamento-e-tracciabilita-del-rischio-digitale-nella-nis-2/)
  - [ ] [Android gets patches for Qualcomm zero-day exploited in attacks](https://www.bleepingcomputer.com/news/security/google-patches-android-zero-day-actively-exploited-in-attacks/)
  - [ ] [Provecho - 712,904 breached accounts](https://haveibeenpwned.com/Breach/Provecho)
  - [ ] [University of Hawaii Cancer Center Breach Exposes SSNs of 87,000+ Participants](https://thecyberexpress.com/uh-cancer-center-cyberattack/)
  - [ ] [Talos on the developing situation in the Middle East](https://blog.talosintelligence.com/talos-developing-situation-in-the-middle-east/)
  - [ ] [CyberStrikeAI tool adopted by hackers for AI-powered attacks](https://www.bleepingcomputer.com/news/security/cyberstrikeai-tool-adopted-by-hackers-for-ai-powered-attacks/)
- IT Service Management News
  - [ ] [Development of
software, artificial intelligence and security](http://blog.cesaregallotti.it/2026/03/sviluppo-software-intelligenza.html)
- Schneier on Security
  - [ ] [On Moltbook](https://www.schneier.com/blog/archives/2026/03/on-moltbook.html)
- 娜璋AI安全之家
  - [ ] [“AI Coding: Introduction and Practice” open-source course: Lesson 5, desktop application development with iFlyCode (AI University)](https://mp.weixin.qq.com/s?__biz=Mzg5MTM5ODU2Mg==&mid=2247502747&idx=1&sn=51d653a11e76903a46eae21a8b776469)
- Tor Project blog
  - [ ] [Arti 2.1.0 released: Relay and RPC development.](https://blog.torproject.org/arti_2_1_0_released/)
- SANS Internet Storm Center, InfoCON: green
  - [ ] [Bruteforce Scans for CrushFTP, (Tue, Mar 3rd)](https://isc.sans.edu/diary/rss/32762)
  - [ ] [ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)](https://isc.sans.edu/diary/rss/32760)
- Active Directory & Azure AD/Entra ID Security
  - [ ] [Detecting Fake Active Directory Password Changes](https://adsecurity.org/?p=4969)
- Deeplinks
  - [ ] [EFF to Third Circuit: Electronic Device Searches at the Border Require a Warrant](https://www.eff.org/deeplinks/2026/03/eff-third-circuit-electronic-device-searches-border-require-warrant)
  - [ ] [The Anthropic-DOD Conflict: Privacy Protections Shouldn’t Depend On the Decisions of a Few Powerful People](https://www.eff.org/deeplinks/2026/03/anthropic-dod-conflict-privacy-protections-shouldnt-depend-decisions-few-powerful)
  - [ ] [EFF to Supreme Court: Shut Down Unconstitutional Geofence Searches](https://www.eff.org/press/releases/eff-supreme-court-shut-down-unconstitutional-geofence-searches)
- Blackhat Library: Hacking techniques and research
  - [ ] [A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals](https://www.reddit.com/r/blackhat/comments/1rjy6pu/a_possible_us_government_iphonehacking_toolkit_is/)
  - [ ] [Security Advice](https://www.reddit.com/r/blackhat/comments/1rjm3ei/security_advice/)
  - [ ] [Help with
scammers](https://www.reddit.com/r/blackhat/comments/1rjjazp/help_with_scammers/)
  - [ ] [Infected by GTA 5 Cheats: How an Infostealer Infection Unmasked a North Korean Agent](https://www.reddit.com/r/blackhat/comments/1rjd998/infected_by_gta_5_cheats_how_an_infostealer/)
- GRAHAM CLULEY
  - [ ] [They seized $4.8m in crypto… then gave the master key to the internet](https://www.bitdefender.com/en-us/blog/hotforsecurity/they-seized-4-8m-in-crypto-then-gave-the-master-key-to-the-internet)
- Your Open Hacker Community
  - [ ] [TryHackMe practice](https://www.reddit.com/r/HowToHack/comments/1rk0tjm/tryhackme_practice/)
  - [ ] [Arp poisoning on iphone](https://www.reddit.com/r/HowToHack/comments/1rjxj5y/arp_poisoning_on_iphone/)
  - [ ] [Security Advice](https://www.reddit.com/r/HowToHack/comments/1rjm369/security_advice/)
  - [ ] [Kindle dle books](https://www.reddit.com/r/HowToHack/comments/1rjlckf/kindle_dle_books/)
  - [ ] [i’m desperate, what can i do with my best friend who has passed away instagram account?](https://www.reddit.com/r/HowToHack/comments/1rk4pql/im_desperate_what_can_i_do_with_my_best_friend/)
  - [ ] [How is ATO scam done](https://www.reddit.com/r/HowToHack/comments/1rjey6f/how_is_ato_scam_done/)
- Deep Web
  - [ ] [Hacker forms for learning](https://www.reddit.com/r/deepweb/comments/1rjxwes/hacker_forms_for_learning/)
- Computer Forensics
  - [ ] [MalChela Meets AI: Three Paths to Smarter Malware Analysis](https://www.reddit.com/r/computerforensics/comments/1rjus4l/malchela_meets_ai_three_paths_to_smarter_malware/)
- The Register - Security
  - [ ] [Dev stunned by $82K Gemini bill after unknown API key thief goes to town](https://go.theregister.com/feed/www.theregister.com/2026/03/03/gemini_api_key_82314_dollar_charge/)
  - [ ] [Chat at your own risk!
Data brokers are selling deeply personal bot transcripts](https://go.theregister.com/feed/www.theregister.com/2026/03/03/chatbot_data_harvesting_personal_info/)
  - [ ] [Cyberwarriors elevated to big leagues in US war with Iran](https://go.theregister.com/feed/www.theregister.com/2026/03/03/cyberwarriors_us_iran_war/)
  - [ ] [Turns out most cybercriminals are old enough to know better](https://go.theregister.com/feed/www.theregister.com/2026/03/03/turns_out_most_cybercriminals_are/)
  - [ ] [Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite](https://go.theregister.com/feed/www.theregister.com/2026/03/03/perplexity_comet_browser_hole_cal_invite/)
  - [ ] [Chrome Gemini panel became privilege escalator for rogue extensions](https://go.theregister.com/feed/www.theregister.com/2026/03/03/google_chrome_bug_gemini/)
  - [ ] [Cybercriminals swipe 15.8M medical records from French doctors ministry](https://go.theregister.com/feed/www.theregister.com/2026/03/03/french_medical_leak/)
  - [ ] [Gamers furious as Brit studio Cloud Imperium quietly admits to data breach](https://go.theregister.com/feed/www.theregister.com/2026/03/03/brit_games_studio_cloud_imperium/)
  - [ ] [Phish of the day: Microsoft OAuth scams abuse redirects for malware delivery](https://go.theregister.com/feed/www.theregister.com/2026/03/03/microsoft_oauth_scams/)
- The Hacker News
  - [ ] [Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations](https://thehackernews.com/2026/03/fake-tech-support-spam-deploys.html)
  - [ ] [Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow](https://thehackernews.com/2026/03/building-high-impact-tier-1-3-steps.html)
  - [ ] [Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries](https://thehackernews.com/2026/03/open-source-cyberstrikeai-deployed-in.html)
  - [ ] [AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and
Unmanaged](https://thehackernews.com/2026/03/ai-agents-next-wave-identity-dark.html)
  - [ ] [Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication](https://thehackernews.com/2026/03/starkiller-phishing-suite-uses-aitm.html)
  - [ ] [Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets](https://thehackernews.com/2026/03/microsoft-warns-oauth-redirect-abuse.html)
  - [ ] [Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited](https://thehackernews.com/2026/03/google-confirms-cve-2026-21385-in.html)
  - [ ] [SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains](https://thehackernews.com/2026/03/sloppylemming-targets-pakistan-and.html)
- Information Security
  - [ ] [Is phishing dominating your triage workload?](https://www.reddit.com/r/Information_Security/comments/1rjo9hm/is_phishing_dominating_your_triage_workload/)
  - [ ] [AMA: We are the Lares Adversarial Collaboration Unit. Ask us anything about bridging Tabletop Exercises (TTX) with live TTP Replay to prove your cyber readiness!](https://www.reddit.com/r/Information_Security/comments/1rjwxdl/ama_we_are_the_lares_adversarial_collaboration/)
- Security Affairs
  - [ ] [Facebook is experiencing a global outage](https://securityaffairs.com/188858/social-networks/facebook-is-experiencing-a-global-outage.html)
  - [ ] [Ariomex, Iran-based crypto exchange, suffers data leak](https://securityaffairs.com/188848/digital-id/ariomex-iran-based-crypto-exchange-suffers-data-leak.html)
  - [ ] [Oracle EBS 2025 campaign impacts Madison Square Garden, sensitive data leaked](https://securityaffairs.com/188814/cyber-crime/oracle-ebs-2025-campaign-impacts-madison-square-garden-sensitive-data-leaked.html)
  - [ ] [Phishing campaign exploits OAuth redirection to bypass defenses](https://securityaffairs.com/188829/hacking/phishing-campaign-exploits-oauth-redirection-to-bypass-defenses.html)
  - [ ] [Android devices hit by exploited Qualcomm flaw
CVE-2026-21385](https://securityaffairs.com/188823/security/android-devices-hit-by-exploited-qualcomm-flaw-cve-2026-21385.html) - [ ] [Chrome security flaw enabled spying via Gemini Live assistant](https://securityaffairs.com/188807/security/chrome-security-flaw-enabled-spying-via-gemini-live-assistant.html) - Technical Information Security Content & Discussion - [ ] [Sometimes, You Can Just Feel The Security In The Design (Junos OS Evolved CVE-2026-21902 RCE) - watchTowr Labs](https://www.reddit.com/r/netsec/comments/1rjqfwy/sometimes_you_can_just_feel_the_security_in_the/) - [ ] [Phishing Lures Utilizing a Single Google Cloud Storage Bucket](https://www.reddit.com/r/netsec/comments/1rjxne1/phishing_lures_utilizing_a_single_google_cloud/) - [ ] [IPVanish VPN macOS Privilege Escalation](https://www.reddit.com/r/netsec/comments/1rjv9wp/ipvanish_vpn_macos_privilege_escalation/) - [ ] [Red Teaming LLM Web Apps with Promptfoo: Writing a Custom Provider for Real-World Pentesting](https://www.reddit.com/r/netsec/comments/1rjssls/red_teaming_llm_web_apps_with_promptfoo_writing_a/) - [ ] [Built a free live CVE intelligence dashboard — looking for feedback](https://www.reddit.com/r/netsec/comments/1rjo4do/built_a_free_live_cve_intelligence_dashboard/) - netsecstudents: Subreddit for students studying Network Security and its related subjects - [ ] [First cybersecurity homelab with very limited hardware – any ideas?](https://www.reddit.com/r/netsecstudents/comments/1rk42yq/first_cybersecurity_homelab_with_very_limited/) - [ ] [🎮 Game 2 is HERE! 
🚨Looking for Quick Game Testers!!](https://www.reddit.com/r/netsecstudents/comments/1rjegoa/game_2_is_here_looking_for_quick_game_testers/) - Trend Micro Research, News and Perspectives - [ ] [CISOs in a Pinch: A Security Analysis of OpenClaw](https://www.trendmicro.com/en_us/research/26/c/cisos-in-a-pinch-security-analysis-of-openclaw.html) - DEFION Research Labs - [ ] [Ruckus Unleashed: Multiple vulnerabilities exploited](/en/research-labs/ruckus-unleashed-multiple-vulnerabilities-exploited) - [ ] [Pwn2Own Automotive 2024: Hacking the Autel MaxiCharger](/en/research-labs/pwn2own-automotive-2024-hacking-the-autel-maxicharger) - [ ] [Pwn2Own Automotive 2024: Hacking the JuiceBox 40](/en/research-labs/pwn2own-automotive-2024-hacking-the-juicebox-40) - [ ] [Pwn2Own Automotive 2024: Hacking the ChargePoint Home Flex (and their cloud...)](/en/research-labs/pwn2own-automotive-2024-hacking-the-chargepoint-home-flex-and-their-cloud) - [ ] [DoNex/DarkRace Ransomware Decryptor](/en/research-labs/donex-darkrace-ransomware-decryptor) - [ ] [CVE-2024-20693: Windows cached code signature manipulation](/en/research-labs/cve-2024-20693-windows-cached-code-signature-manipulation) - [ ] [Bringing process injection into view(s): exploiting all macOS apps using nib files](/en/research-labs/bringing-process-injection-into-view-s-exploiting-all-macos-apps-using-nib-files) - [ ] [Don’t Talk All at Once! 
Elevating Privileges on macOS by Audit Token Spoofing](/en/research-labs/don-t-talk-all-at-once-elevating-privileges-on-macos-by-audit-token-spoofing) - [ ] [Getting SYSTEM on Windows in style](/en/research-labs/getting-system-on-windows-in-style) - [ ] [Technical analysis of the Genesis Market](/en/research-labs/technical-analysis-of-the-genesis-market) - [ ] [Bad things come in large packages: .pkg signature verification bypass on macOS](/en/research-labs/bad-things-come-in-large-packages-pkg-signature-verification-bypass-on-macos) - [ ] [Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution](/en/research-labs/pwn2own-miami-2022-iconics-genesis64-arbitrary-code-execution) - [ ] [Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS](/en/research-labs/pwn2own-miami-2022-unified-automation-c-demo-server-dos) - [ ] [Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution](/en/research-labs/pwn2own-miami-2022-aveva-edge-arbitrary-code-execution) - [ ] [Process injection: breaking all macOS security layers with a single vulnerability](/en/research-labs/process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability) - [ ] [Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution](/en/research-labs/pwn2own-miami-2022-inductive-automation-ignition-remote-code-execution) - [ ] [Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass](/en/research-labs/pwn2own-miami-2022-opc-ua-net-standard-trusted-application-check-bypass) - [ ] [CoronaCheck App TLS certificate vulnerabilities](/en/research-labs/coronacheck-app-tls-certificate-vulnerabilities) - [ ] [Sandbox escape + privilege escalation in StorePrivilegedTaskService](/en/research-labs/sandbox-escape-privilege-escalation-in-storeprivilegedtaskservice) - [ ] [Proctorio Chrome extension Universal Cross-Site Scripting](/en/research-labs/proctorio-chrome-extension-universal-cross-site-scripting) - [ ] [Zoom RCE from Pwn2Own 
2021](/en/research-labs/zoom-rce-from-pwn2own-2021) - [ ] [Adobe Acrobat privilege escalation](/en/research-labs/adobe-acrobat-privilege-escalation) - [ ] [iOS VPN support: 3 different bugs](/en/research-labs/ios-vpn-support-3-different-bugs) - [ ] [Sign in with Apple - authentication bypass](/en/research-labs/sign-in-with-apple-authentication-bypass) - [ ] [Jenkins - authentication bypass](/en/research-labs/jenkins-authentication-bypass) - [ ] [DNS rebinding for HTTPS](/en/research-labs/dns-rebinding-for-https) - [ ] [Spring Security - insufficient cryptographic randomness](/en/research-labs/spring-security-insufficient-cryptographic-randomness) - [ ] [XenServer - path traversal leading to authentication bypass](/en/research-labs/xenserver-path-traversal-leading-to-authentication-bypass) - [ ] [Volkswagen Auto Group MIB infotainment system - unauthenticated remote code execution as root](/en/research-labs/volkswagen-auto-group-mib-infotainment-system-unauthenticated-remote-code-execution-as-root) - [ ] [NAPALM - command execution on NAPLM controller from host](/en/research-labs/napalm-command-execution-on-naplm-controller-from-host) - [ ] [MySQL Connector/J - Unexpected deserialisation of Java objects](/en/research-labs/mysql-connector-j-unexpected-deserialisation-of-java-objects) - [ ] [Ansible - command execution on Ansible controller from host](/en/research-labs/ansible-command-execution-on-ansible-controller-from-host) - [ ] [Observium - unauthenticated remote code execution](/en/research-labs/observium-unauthenticated-remote-code-execution) - [ ] [cSRP/srpforjava - obtaining of hashed passwords](/en/research-labs/csrp-srpforjava-obtaining-of-hashed-passwords) - [ ] [StartEncrypt - obtaining valid SSL certificates for unauthorized domains](/en/research-labs/startencrypt-obtaining-valid-ssl-certificates-for-unauthorized-domains) - Security Weekly Podcast Network (Audio) - [ ] [North Korea, DOJ, APT 28, Anthropic, OpenClaw, Supply Chain, Josh Marpet, and More - 
SWN #560](http://sites.libsyn.com/18678/north-korea-doj-apt-28-anthropic-openclaw-supply-chain-josh-marpet-and-more-swn-560) - [ ] [Modern AppSec that keeps pace with AI development - James Wickett - ASW #372](http://sites.libsyn.com/18678/modern-appsec-that-keeps-pace-with-ai-development-james-wickett-asw-372)