# Daily Security News (2026-04-28)

- SecWiki News
  - [ ] [SecWiki News 2026-04-27 Review](http://www.sec-wiki.com/?2026-04-27)
- Doonsec's feed
  - [ ] [Don't just guard the output! AI Agents are full of holes in the middle](https://mp.weixin.qq.com/s/q2d017-iOE3NJWjaMrIwVw)
  - [ ] [【AI Security】Don't just guard the output! AI Agents' intermediate workflows are full of holes](https://mp.weixin.qq.com/s/2bRYPweh1tzlqV8JfDwnuA)
  - [ ] [An employee at a big tech firm formatted the hard drive when handing over their computer on resignation, and the IT department accused them of "maliciously damaging company assets". How to deal with it?](https://mp.weixin.qq.com/s/ukPsUANTQuJlPydNMzkXKg)
  - [ ] [A packet-capture + AI reverse-engineering tool is here! Works on all platforms and automatically parses protocols and encryption](https://mp.weixin.qq.com/s/CA7DKwWTLeHZnTG0zsgJ_g)
  - [ ] [Half a year of SRC bug hunting with nothing to show for it](https://mp.weixin.qq.com/s/ud7JZmXaoDws78PTZtGQww)
  - [ ] [Fast & Furious 3: Agent RAG permissions, five patterns and practical advice for security teams](https://mp.weixin.qq.com/s/HOhbZvj5GicDRLlppALjMQ)
  - [ ] [Behind the ten-billion TVL frenzy, what is the hidden cost of the nesting-doll structure?](https://mp.weixin.qq.com/s/jBihuh9HjCtlw09Ss9eUag)
  - [ ] [Vvveb CMS arbitrary file upload leading to RCE | CVE-2026-6257 root-cause analysis & research](https://mp.weixin.qq.com/s/X7RDgEZs6UiknLMJKM_GlQ)
  - [ ] [【High-Risk Vulnerability Alert】Notepad++ string injection vulnerability (CVE-2026-3008)](https://mp.weixin.qq.com/s/ZOIw-ddU5YRUo9rm2Ahu9Q)
  - [ ] [The core reason the NDRC banned the foreign acquisition of Manus: it crossed three red lines](https://mp.weixin.qq.com/s/jv2BBEzl_vz8IwFwu-YdEg)
  - [ ] [30 AV-evasion methods for Java one-line webshells](https://mp.weixin.qq.com/s/YI49D9BsjxCgiiI7MmsIMw)
  - [ ] [CSDN, Zhihu and WeChat official accounts can't block me any more! code-box unlocks all content in one click](https://mp.weixin.qq.com/s/_srmbf7oJYblZrErifcMAg)
  - [ ] [No more manual analysis after packet capture! Anything Analyzer is here](https://mp.weixin.qq.com/s/ksRTT0Cm1EFbBjcrWB16Hg)
  - [ ] [Italy completes the extradition procedure for a Chinese national suspected in a cyber case](https://mp.weixin.qq.com/s/smdIZvZKszrLOURXn8Aaig)
  - [ ] [Breaking! Italy approves US extradition of Chinese engineer Xu Zewei](https://mp.weixin.qq.com/s/CMfuasyHCO9QMABelQ78zw)
  - [ ] [【Resources】A roundup of global weapons and equipment websites](https://mp.weixin.qq.com/s/63yFb55ugk2BsLA3eTtB4Q)
  - [ ] [Agent Security skill Scanner v6.2.0 open-source progress](https://mp.weixin.qq.com/s/uItBWILyTeG1msnO43EOdw)
  - [ ] [Dongchedi is formidable: whoever it wants tried in a Beijing court has to go](https://mp.weixin.qq.com/s/GWE3te4hi_P3unS8bvPnAA)
  - [ ] [Good AI](https://mp.weixin.qq.com/s/ovh5V63IzAKpQFAVN2o6mg)
  - [ ] [1-on-1 paper coaching! Supervisors from 985/211 universities in your field guide you hands-on through to acceptance! SCI/SSCI/EI/Chinese core journals/graduation theses](https://mp.weixin.qq.com/s/ewouYUEqXQiWZID6sckTGA)
  - [ ] [Cyber police reminder: don't let your "one-click share" become a "master key" that opens your security defenses](https://mp.weixin.qq.com/s/zuNmuVcZKbAAUTXfWB_MEw)
  - [ ] [SecNews 260427](https://mp.weixin.qq.com/s/h1zY4Fk42r1Z-ZOVgK41tw)
  - [ ] [The most common mistakes in the asset identification phase](https://mp.weixin.qq.com/s/EL4xL2XXQE3_zKrct2QPuw)
  - [ ] [Is cybersecurity a pseudo-need?](https://mp.weixin.qq.com/s/HyPQOR3VTBh7vYQAYCd1zA)
  - [ ] [Notes on integrating KernelSU on a Pixel 4A](https://mp.weixin.qq.com/s/UG_6Ta8HjY7sLWiMyegr0g)
  - [ ] [CNVD Weekly Vulnerability Report, 2026 Issue 16](https://mp.weixin.qq.com/s/xE9qsfiaRNa2a44P0vnRBg)
  - [ ] [Product security vulnerabilities that drew the most attention last week (20260420-20260426)](https://mp.weixin.qq.com/s/OO3VIb2Ko4MORay2pLDiUA)
  - [ ] [A new social-engineering phishing disguise technique: WinGet configuration files + LNK files](https://mp.weixin.qq.com/s/swR1OomJ7-Ts8GHHvEPdEw)
  - [ ] [Bluesky has only just recovered and now Mastodon is hit hard by DDoS! Is decentralized social media really safer?](https://mp.weixin.qq.com/s/e9kCVB-uEpN7X4Iu-69tbg)
  - [ ] [A "ghost" that lurked for 12 years surfaces! High-risk Linux privilege escalation vulnerability found, many mainstream distributions affected](https://mp.weixin.qq.com/s/rISt6k5t53l3ksz4wV_f4g)
  - [ ] [When AI starts "eating poison": the national virus center issues an urgent notice that the "Lobster" agent was hit by supply-chain poisoning!](https://mp.weixin.qq.com/s/ib_OYvY3E4do4d2fSk43jg)
  - [ ] [Is enterprise management a false proposition in China?](https://mp.weixin.qq.com/s/p-fCdbqhCHHjx_f81-Jq9w)
  - [ ] [Good news | 水滴实验室 takes national runner-up in the Intelligent Penetration Challenge](https://mp.weixin.qq.com/s/yWnLaXCivEgw-HrX5CUyNA)
  - [ ] [2026 Intelligent Cloud Ecosystem Conference | Raise "lobsters" without going in blind, with top-notch security!](https://mp.weixin.qq.com/s/_wWuaGu1L7mxnKvHkwqf5g)
  - [ ] [3 days to go | A national cloud with strong intelligence, inclusive and symbiotic](https://mp.weixin.qq.com/s/LiKyj4Po9Howh-IwyKBKyQ)
  - [ ] [A high-scoring tool for forensics competitions makes its big debut!](https://mp.weixin.qq.com/s/SM1YBfd0Govl2nYw1Rz1-w)
  - [ ] [A full breakdown of the popular certifications in the CISP family!](https://mp.weixin.qq.com/s/Q60CiDlykhCZBqgtvH9XUA)
  - [ ] [Can AI weaponize a CVE in 15 minutes? The answer is yes](https://mp.weixin.qq.com/s/VSdnlmzHQ4k5GaYlO10C2Q)
  - [ ] [Attack-and-defense hands-on enablement, dd2 series, part 2](https://mp.weixin.qq.com/s/jfl8GtWvdNcX2skZ33WEPA)
  - [ ] [In the AI era, do white-hat skills still hold up? | Wednesday evening livestream puts them to the test](https://mp.weixin.qq.com/s/oRu3T4sFcXyvOKGVI6BNew)
  - [ ] [Microsoft officially releases a Group Policy to remove Windows 11 Copilot from enterprise devices](https://mp.weixin.qq.com/s/KeFixNsJ4DhYGgj2t92oDA)
  - [ ] [Beware of a new AI face-swap scam! Hubei's first account-theft case exposed: a legal representative's face photo can be forged](https://mp.weixin.qq.com/s/uNGy4ju7_o7iGTe_S5e1OQ)
  - [ ] [China bans foreign acquisition of the Manus project](https://mp.weixin.qq.com/s/czO_NxSrJlTAd_98wvCfUQ)
  - [ ] [Talent gathers in Fuzhou to build the cybersecurity defense line together: the finals of the 3rd "Great Wall Cup" Network, Data and Intelligence Security Competition (Defense Track) are about to begin](https://mp.weixin.qq.com/s/333KlMZbZlGtMQ4lScswDQ)
  - [ ] [Believe it or not, they are all coming! Full agenda of the HPW White Hat World Conference 2026 released](https://mp.weixin.qq.com/s/kZ05dpoz9V-tmued7eblGQ)
  - [ ] [One-click access! The complete collection of the new edition of the "Threat Wanted List"](https://mp.weixin.qq.com/s/yzXGHQKpzYUfUQ8AXbepLg)
  - [ ] [WWW 2026 | Kuaishou proposes the industry's first context-aware, reasoning-enhanced generative search framework, moving from "keyword matching" to "context understanding"](https://mp.weixin.qq.com/s/IVBUbra0tICOhulJREFlAQ)
  - [ ] [NDRC: foreign acquisition of the Manus project is banned! The reasons behind it…](https://mp.weixin.qq.com/s/k1orz3E41-o7mI4q7l42hA)
  - [ ] [Python vulnerability leads to out-of-bounds write on Windows systems](https://mp.weixin.qq.com/s/yAFDEpfWe6EFm3lnozoVeA)
  - [ ] [New Windows RPC vulnerability lets attackers escalate privileges on all Windows versions](https://mp.weixin.qq.com/s/3xuBkR0gVs9Zp7pgQSJ4Kw)
  - [ ] [CialloVOL 1.2: a convenient, lightweight memory forensics analysis platform](https://mp.weixin.qq.com/s/nOvH2iZ1JOXIcppJAJn5uQ)
  - [ ] [Bank of Chongqing builds the "重银晓AI" branded application, already deployed in 17 scenarios](https://mp.weixin.qq.com/s/Tbtl_b30mP_gNjT_gzj17A)
  - [ ] [AI news flash: the Manus acquisition case is settled; Ant International launches a Skill integrating cross-border acquiring and overseas payments](https://mp.weixin.qq.com/s/gtibFFD9s6S-bCpB0SNYgw)
  - [ ] [Tailong Bank calls for suppliers for the 小鱼快证 agent platform project](https://mp.weixin.qq.com/s/-zob4bKS9Rd0W4psp8JtpQ)
  - [ ] [【安全圈】A vulnerability that lurked for 8 years: how is WPS 365 轻舟 AI immune at the source?](https://mp.weixin.qq.com/s/HMx0Y-GakKYxFrQk_wi6cA)
  - [ ] [【安全圈】Only 1KB in size! The most destructive Chernobyl virus infected 60 million computers: wiping hard-disk data and rewriting the motherboard BIOS](https://mp.weixin.qq.com/s/xViqBHEDlafpYOUYkvyFWA)
  - [ ] [【安全圈】More than 10,000 Zimbra servers vulnerable to ongoing XSS attacks](https://mp.weixin.qq.com/s/Cg_E7vnIRdaK8UyQkwU5JA)
  - [ ] [Topsec named a CNCERT top-tier support unit for the 11th consecutive term, with the most selections in key technical areas!](https://mp.weixin.qq.com/s/3x73_ld4H_XZLLs8okVEnw)
  - [ ] [Topsec appears at CHIMA 2026, helping the healthcare industry deploy AI quickly and securely](https://mp.weixin.qq.com/s/Vls68Zdks-iiAx7EFmpK8w)
  - [ ] [[Update] Red team loader LoaderV6.2](https://mp.weixin.qq.com/s/2iLSl2pkr7cYUWq-WLcvbg)
  - [ ] [Gripped by a sense of crisis over "Made in China", the US and Japan rush to build a drone technology alliance](https://mp.weixin.qq.com/s/B8-QxYxk09qPdXaCD_fA9A)
  - [ ] [AI penetration testing enters the "second half": why does logic coordination matter more than the large model itself?](https://mp.weixin.qq.com/s/-MJC6jpQvMsgW6vZan-Tlw)
  - [ ] [Venom · a lethally precise penetration testing tool](https://mp.weixin.qq.com/s/E42VDIZ8e_8XqNb7RLl2NA)
  - [ ] [Seven new trends revealed! NSFOCUS officially releases the "APT Advanced Threat Research Report" (2026 edition)](https://mp.weixin.qq.com/s/mLkpQmelSHWrAKZ2U4yMDQ)
  - [ ] [AI empowers healthcare security operations, protecting digital-intelligent health with proactive defense](https://mp.weixin.qq.com/s/2BPiPXPpT6bPkgUWB1AL9g)
  - [ ] [Five cybersecurity candidates flunked interviews in one morning: résumés full of big claims, exposed as soon as the talk turned technical!](https://mp.weixin.qq.com/s/bsTrPOtTUdvInY6S7Dg5Lg)
  - [ ] [CAICT's Zhang Qing: decoding the "new infrastructure" foundation of the intelligent economy. In the intelligent-economy era, why has the "foundation" become the focus?](https://mp.weixin.qq.com/s/IVdmheXwhRNhOaGkZruLJw)
  - [ ] [360 selected as a CNCERT Class-A support unit, supporting the building of the national cybersecurity emergency response system!](https://mp.weixin.qq.com/s/ngcVuIO7SjOmeQ_SqMAQ_Q)
- Tenable Blog
  - [ ] [As the NVD scales back CVE enrichment, here’s what Tenable customers need to know](https://www.tenable.com/blog/nvd-cuts-cve-enrichment-how-tenable-helps)
- Swing'Blog 浮生若梦
  - [ ] [CVE-2026-41651 PackageKit TOCTOU local privilege escalation vulnerability analysis](https://bestwing.me/CVE-2026-41651-analysis.html)
- 美团技术团队
  - [ ] [LARYBench released: defining the ImageNet of embodied action representation, the first measurement of generalizable representations learned from human video](https://tech.meituan.com/2026/04/27/longcat-larybench.html)
- Private Feed for M09Ic
  - [ ] [kpcyrd contributed to kpcyrd/apt-swarm](https://github.com/kpcyrd/apt-swarm/pull/70)
  - [ ] [modelcontextprotocol released v1.7.2 at modelcontextprotocol/registry](https://github.com/modelcontextprotocol/registry/releases/tag/v1.7.2)
  - [ ] [modelcontextprotocol released v1.7.1 at modelcontextprotocol/registry](https://github.com/modelcontextprotocol/registry/releases/tag/v1.7.1)
  - [ ] [Mel0day starred Einsia/OpenChronicle](https://github.com/Einsia/OpenChronicle)
  - [ ] [CHYbeta starred A7um/zero-review](https://github.com/A7um/zero-review)
  - [ ] [ZeddYu starred ComposioHQ/awesome-codex-skills](https://github.com/ComposioHQ/awesome-codex-skills)
  - [ ] [ManassehZhou starred oras-project/oras](https://github.com/oras-project/oras)
  - [ ] [mgeeky starred mattpocock/skills](https://github.com/mattpocock/skills)
  - [ ] [LoRexxar contributed to LoRexxar/Kunlun-M](https://github.com/LoRexxar/Kunlun-M/pull/305)
  - [ ] [zema1 starred ElliotKillick/LdrLockLiberator](https://github.com/ElliotKillick/LdrLockLiberator)
  - [ ] [PrefectHQ released 3.6.29.dev2 at PrefectHQ/prefect](https://github.com/PrefectHQ/prefect/releases/tag/3.6.29.dev2)
  - [ ] [gh0stkey starred aeroxy/ast-outline](https://github.com/aeroxy/ast-outline)
- obaby 𝐢𝐧⃝ void
  - [ ] [A brief discussion of SEO optimization for systems with separated front end and back end](https://zhongxiaojie.cn/2026/04/1156/)
- Recent Commits to cve:main
  - [ ] [Update Mon Apr 27 11:18:07 UTC 2026](https://github.com/trickest/cve/commit/555e1318af2bd54a8b6e6be5329cd08d2655e8d0)
- Der Flounder
  - [ ] [Managing Apple Intelligence settings for macOS using Blueprints in Jamf Pro](https://derflounder.wordpress.com/2026/04/27/managing-apple-intelligence-settings-for-macos-using-blueprints-in-jamf-pro/)
- Bug Bounty in InfoSec Write-ups on Medium
  - [ ] [From LinkedIn to Root Access: How a Phone Number, an Old Password Dump, and a Cache Poisoning Bug…](https://infosecwriteups.com/from-linkedin-to-root-access-how-a-phone-number-an-old-password-dump-and-a-cache-poisoning-bug-897b0745b439?source=rss----7b722bfd1b8d--bug_bounty)
  - [ ] [“Bug Bounty Bootcamp #36: SSRF Hands-On — Confirming the Server Makes the Request and Reading Local…](https://infosecwriteups.com/bug-bounty-bootcamp-36-ssrf-hands-on-confirming-the-server-makes-the-request-and-reading-local-7229cff03049?source=rss----7b722bfd1b8d--bug_bounty)
- Reverse Engineering
  - [ ] [/r/ReverseEngineering's Weekly Questions Thread](https://www.reddit.com/r/ReverseEngineering/comments/1sww5cc/rreverseengineerings_weekly_questions_thread/)
  - [ ] [Using Google's Gemma 4 E4B local AI model to Reverse Engineer a simple Crackme](https://www.reddit.com/r/ReverseEngineering/comments/1sx4moc/using_googles_gemma_4_e4b_local_ai_model_to/)
  - [ ] [rfcat-py3](https://www.reddit.com/r/ReverseEngineering/comments/1sxb0jd/rfcatpy3/)
- Malwarebytes
  - [ ] [A week in security (April 20 – April 26)](https://www.malwarebytes.com/blog/news/2026/04/a-week-in-security-april-20-april-26)
- 奇客Solidot–传递最新科技情报
  - [ ] [Hauntings in old houses may stem from infrasound produced by aging equipment](https://www.solidot.org/story?sid=84164)
  - [ ] [Europe approves Moderna's combined flu and COVID-19 vaccine](https://www.solidot.org/story?sid=84163)
  - [ ] [Pesticides cause a sharp decline in North American butterfly numbers](https://www.solidot.org/story?sid=84162)
  - [ ] [NDRC demands that the acquisition of Manus be reversed](https://www.solidot.org/story?sid=84161)
  - [ ] [Greg K-H uses an AI tool running on AMD Ryzen AI Max to find kernel bugs](https://www.solidot.org/story?sid=84160)
  - [ ] [AI costs may be higher than human labor costs](https://www.solidot.org/story?sid=84159)
  - [ ] [Tokyo Electron subsidiary found guilty in TSMC trade-secret leak case](https://www.solidot.org/story?sid=84158)
  - [ ] [Linux 7.1-rc1 released](https://www.solidot.org/story?sid=84157)
  - [ ] [40 years after the Chernobyl disaster](https://www.solidot.org/story?sid=84156)
  - [ ] [Survey says half of Australian teenagers can still access social media](https://www.solidot.org/story?sid=84155)
- 绿盟科技技术博客
  - [ ] [AI empowers healthcare security operations, protecting digital-intelligent health with proactive defense](https://blog.nsfocus.net/ai%e8%b5%8b%e8%83%bd%e5%8c%bb%e7%96%97%e5%8d%ab%e7%94%9f%e5%ae%89%e5%85%a8%e8%bf%90%e8%90%a5-%e4%bb%a5%e4%b8%bb%e5%8a%a8%e9%98%b2%e5%be%a1%e5%ae%88%e6%8a%a4%e6%95%b0%e6%99%ba%e5%81%a5%e5%ba%b7/)
  - [ ] [Seven new trends revealed! NSFOCUS officially releases the "APT Advanced Threat Research Report" (2026 edition)](https://blog.nsfocus.net/%e4%b8%83%e5%a4%a7%e6%96%b0%e8%b6%8b%e5%8a%bf%e6%9b%9d%e5%85%89%ef%bc%81%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80%e3%80%8aapt%e9%ab%98%e7%ba%a7%e5%a8%81%e8%83%81%e7%a0%94%e7%a9%b6%e6%8a%a5%e5%91%8a/)
  - [ ] [Crowned at the summit! NSFOCUS takes first place in the "Hackathon - Intelligent Penetration Challenge"](https://blog.nsfocus.net/%e5%b7%85%e5%b3%b0%e5%8a%a0%e5%86%95%ef%bc%81%e7%bb%bf%e7%9b%9f%e7%a7%91%e6%8a%80%e5%bc%ba%e5%8a%bf%e6%96%a9%e8%8e%b7%e9%bb%91%e5%ae%a2%e6%9d%be-%e6%99%ba%e8%83%bd%e6%b8%97%e9%80%8f%e6%8c%91/)
- HackerNews
  - [ ] [Litecoin zero-day vulnerability exploited to trigger denial-of-service attack, major mining pools affected](http://0.0.0.0:8080/post/64183)
  - [ ] [ADT confirms data breach after ShinyHunters leak threat](http://0.0.0.0:8080/post/64182)
  - [ ] [More than 10,000 Zimbra servers vulnerable to ongoing XSS attacks](http://0.0.0.0:8080/post/64181)
  - [ ] [Critical CrowdStrike LogScale vulnerability lets attackers access files](http://0.0.0.0:8080/post/64180)
  - [ ] [US utility company Itron discloses intrusion into its internal IT network](http://0.0.0.0:8080/post/64179)
  - [ ] [Researchers discover "fast16" malware that predates the "Stuxnet" virus and targets engineering software](http://0.0.0.0:8080/post/64178)
- 同程旅行安全应急响应中心
  - [ ] [LYSRC report submission guidelines for AI-assisted vulnerability discovery](https://mp.weixin.qq.com/s?__biz=MzI4MzI4MDg1NA==&mid=2247485342&idx=1&sn=cb96cf0f429ba77e502a35a418d77023)
- 腾讯安全应急响应中心
  - [ ] [Good content deserves good security | Tencent Video and TSRC joint special crowdsourced test](https://mp.weixin.qq.com/s?__biz=MjM5NzE1NjA0MQ==&mid=2651208393&idx=1&sn=da69a9245190d7f322d3c6d153f1b38e)
- 奇安信 CERT
  - [ ] [Today's (April 27, 2026) trending cybersecurity vulnerability updates](https://mp.weixin.qq.com/s?__biz=MzU5NDgxODU1MQ==&mid=2247505461&idx=1&sn=0fe3a34ae11aec8b611a69da04394e50)
- 看雪学苑
  - [ ] [Differences in ptrace code injection across platforms (ARM64, x86-64, MIPS64)](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614166&idx=1&sn=86a613ea3b1ecfae8b66c1a54c4051c2)
  - [ ] [「HG TALK」 coming soon: episode 1, a chat with a "satellite chaser"](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614166&idx=2&sn=629e42fb0c808f26f6d56d4746c4a32c)
  - [ ] [Upgrade now! High-risk privilege escalation vulnerability disclosed in Nessus Agent for Windows; attackers can gain SYSTEM privileges](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614166&idx=3&sn=c37e0a23d3aa9ff2095335f4f0207e29)
  - [ ] [Updated today! A Battle Song of Ice and Fire: Windows kernel attack and defense in practice](https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458614166&idx=4&sn=db50b70abe41382ed6b1832900e3d263)
- 威努特安全网络
  - [ ] [Evaluating and optimizing the effectiveness of knowledge-base applications](https://mp.weixin.qq.com/s?__biz=MzAwNTgyODU3NQ==&mid=2651141436&idx=1&sn=b2f0ca0a9cbd9ae30698274015b23706)
- 安全内参
  - [ ] [An Asian country's finance ministry suffers a network intrusion; more than 18 million yuan stolen](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515866&idx=1&sn=96c81d5a109de2521379f38385020b9d)
  - [ ] [CNCERT publishes the selection results for the 11th term of cybersecurity emergency service support units](https://mp.weixin.qq.com/s?__biz=MzI4NDY2MDMwMw==&mid=2247515866&idx=2&sn=ad926db7e6fc2f37eea5d5b2d96eae6c)
- 黑鸟
  - [ ] [Cross-session fingerprint tracking vulnerability affecting Firefox and Tor Browser](https://mp.weixin.qq.com/s?__biz=MzAxOTM1MDQ1NA==&mid=2451186543&idx=1&sn=917b2d0aa0bedbd8008ce0902392ab95)
- 代码卫士
  - [ ] [OpenAI launches GPT-5.5 bio bug bounty program with a top reward of USD 25,000](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525878&idx=1&sn=d8d9ab01c77cdf9aa112172faeb09a28)
  - [ ] [12-year-old Pack2TheRoot vulnerability can let attackers gain Linux root access](https://mp.weixin.qq.com/s?__biz=MzI2NTg4OTc5Nw==&mid=2247525878&idx=2&sn=79f2e56b6855b12ec6fb1acde9a488e5)
- XCTF联赛
  - [ ] [ACTF 2026 | The ultimate showdown: the challenge has been issued!](https://mp.weixin.qq.com/s?__biz=MjM5NDU3MjExNw==&mid=2247516268&idx=1&sn=ec95265bdfeaed6895310dcff0a13b6e)
- 安全圈
  - [ ] [【安全圈】A vulnerability that lurked for 8 years: how is WPS 365 轻舟 AI immune at the source?](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076031&idx=1&sn=eabb23f8054d5d871eea7bf9685cea47)
  - [ ] [【安全圈】Only 1KB in size! The most destructive Chernobyl virus infected 60 million computers: wiping hard-disk data and rewriting the motherboard BIOS](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076031&idx=2&sn=05dc7492af045acb1c164313a5c7acd9)
  - [ ] [【安全圈】More than 10,000 Zimbra servers vulnerable to ongoing XSS attacks](https://mp.weixin.qq.com/s?__biz=MzIzMzE4NDU1OQ==&mid=2652076031&idx=3&sn=a5546b789ae33707d57bf94c322e3d9a)
- 青衣十三楼飞花堂
  - [ ] [Please slap me in the face hard with the truth](https://mp.weixin.qq.com/s?__biz=MzUzMjQyMDE3Ng==&mid=2247489350&idx=1&sn=b49cefaf6b0070a38b67abfa2f54d382)
- 丁爸 情报分析师的工具箱
  - [ ] [【Resources】A roundup of global weapons and equipment websites](https://mp.weixin.qq.com/s?__biz=MzI2MTE0NTE3Mw==&mid=2651155329&idx=1&sn=5f1525d28e7442a87bfa4edd3b0bd617)
- 安全牛
  - [ ] [Google issues a sudden warning! Cloudflare makes urgent adjustments; the 2029 quantum-security deadline has arrived and the global encryption system faces restructuring](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141139&idx=1&sn=a59eaa4e6e9d8903998f8bb0f55e3b16)
  - [ ] [OpenAI launches WorkspaceAgents, enterprise AI automation enters the "doing the work" stage; strict regulation of online financial marketing takes effect: new rules from eight departments shore up compliance and data security defenses | 牛览](https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651141139&idx=2&sn=97eaafa4d90303109c293ace70154272)
- 中国信息安全
  - [ ] [Talent gathers in Fuzhou to build the cybersecurity defense line together! The finals of the 3rd "Great Wall Cup" Network, Data and Intelligence Security Competition (Defense Track) are about to begin](https://mp.weixin.qq.com/s?__biz=MzA5MzE5MDAzOA==&mid=2664261916&idx=1&sn=968e6e82741f39e782d7f8bbf0836089)
- 百度安全应急响应中心
  - [ ] [Baidu SRC publishes the "Guidelines for AI-Generated Vulnerability Reports"](https://mp.weixin.qq.com/s?__biz=MzA4ODc0MTIwMw==&mid=2652544059&idx=1&sn=54d3b57e5ac302690f81e44294f1a6fc)
- 极客公园
  - [ ] [HappyHorse 1.0 debuts on Qwen with a free gray-release trial, reshaping the AI video race](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653104882&idx=1&sn=d3db26c663e4e7a8beda5a9ef39ed1c1)
  - [ ] [When an editing tool starts to "understand human speech": Jianying builds a Skill-based Agent for video creation](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653104850&idx=1&sn=8ab8b0012247f78e1d403febe95fa41f)
  - [ ] [Yu Chengdong: AITO M9 Ultimate to debut in May; Apple's new CEO to make first appearance at the September event; Musk: driverless car officially enters production | 极客早知道](https://mp.weixin.qq.com/s?__biz=MTMwNDMwODQ0MQ==&mid=2653104819&idx=1&sn=95ba8c82ab26ef24bc95a5fbc80fb2f6)
- 嘶吼专业版
  - [ ] [「HG TALK」 coming soon: episode 1, a chat with a "satellite chaser"](https://mp.weixin.qq.com/s?__biz=MzI0MDY1MDU4MQ==&mid=2247587712&idx=1&sn=d03c134b547a4ce26896a52359952cab)
- 软件安全与逆向分析
  - [ ] [E-book update: The Linux Kernel Module Programming Guide.pdf](https://mp.weixin.qq.com/s?__biz=MzU3MTY5MzQxMA==&mid=2247485128&idx=1&sn=035b5f2a7cfaf6ca23ea594d1504f3ec)
- 美团安全应急响应中心
  - [ ] [Call to arms | Meituan SRC special testing campaign officially begins](https://mp.weixin.qq.com/s?__biz=MzI5MDc4MTM3Mg==&mid=2247494891&idx=1&sn=15e081c3c53f5ab38a5dd3380e470121)
- 微步在线
  - [ ] [NVD "can't keep up": how should NVD vulnerabilities be handled from now on?](https://mp.weixin.qq.com/s?__biz=MzI5NjA0NjI5MQ==&mid=2650186262&idx=1&sn=c9672e3b21f32b0d63cfdb3c660dfdea)
- 慢雾科技
  - [ ] [SlowMist's 2026 Hong Kong Web3 Festival trip wraps up successfully!](https://mp.weixin.qq.com/s?__biz=MzU4ODQ3NTM2OA==&mid=2247504841&idx=1&sn=289fc7c20f2f00f8313ea5a5c378f90f)
- 情报分析师
  - [ ] [Stop being fooled by 007: real-world spies may be more ordinary than your coworkers](https://mp.weixin.qq.com/s?__biz=MzA3Mjc1MTkwOA==&mid=2650567704&idx=1&sn=fecec584e844a25fd1ce0c127e19cce5)
- 复旦白泽战队
  - [ ] [CVPR 2026 | Rotating the semantic Rubik's cube: next-generation text-to-image safety](https://mp.weixin.qq.com/s?__biz=MzU4NzUxOTI0OQ==&mid=2247498341&idx=1&sn=81090073211e5fdf0cc9c328cf81c185)
- 京东安全应急响应中心
  - [ ] [Threat intelligence: tracing analysis of a supply-chain poisoning incident involving a fingerprint browser](https://mp.weixin.qq.com/s?__biz=MjM5OTk2MTMxOQ==&mid=2727850843&idx=1&sn=b21ff5c2c6f7ee8451f8c05e2b9e3431)
- 云鼎实验室
  - [ ] [Final rankings announced! The 2nd Tencent Cloud Hackathon Intelligent Penetration Challenge concludes](https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&mid=2247497522&idx=1&sn=787f8432f4dceec3461740deaf3c258e)
- 数世咨询
  - [ ] [Report release | Annual Report on Ransomware Threats and Protection (2026)](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542689&idx=1&sn=5dacd38384e1f5afd364a535f69b0440)
  - [ ] [The finals of the 3rd "Great Wall Cup" Network, Data and Intelligence Security Competition (Defense Track) are about to begin](https://mp.weixin.qq.com/s?__biz=MzkxNzA3MTgyNg==&mid=2247542689&idx=2&sn=6b441f950103577bbee1b2f68195ce65)
- Desync InfoSec
  - [ ] [The context window: the overlooked, critical attack surface of AI Agents](https://mp.weixin.qq.com/s?__biz=MzkzMDE3ODc1Mw==&mid=2247490238&idx=1&sn=85eceadeb04818f9da10066fe7c62f35)
  - [ ] [God-mode permissions: why a weather-lookup Skill can read your SSH keys](https://mp.weixin.qq.com/s?__biz=MzkzMDE3ODc1Mw==&mid=2247490238&idx=2&sn=6000ad078c5b435b6e6749cfce188de7)
  - [ ] [The AI vulnerability tsunami arrives: five steps to build a Mythos-ready security program](https://mp.weixin.qq.com/s?__biz=MzkzMDE3ODc1Mw==&mid=2247490238&idx=3&sn=8186501eb56679747f4a11eb5bb77ee9)
- 360数字安全
  - [ ] [360 selected as a CNCERT Class-A support unit, supporting the building of the national cybersecurity emergency response system!](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585815&idx=1&sn=12e7dd69127d3f2995867f901e017333)
  - [ ] [More than 900 companies hit by automated attacks; 360 experts warn that AI is reshaping vulnerability exploitation and the attack-defense landscape](https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247585815&idx=2&sn=102ee62fdf9bdf24a85130ecb3573e91)
- 迪哥讲事
  - [ ] [【SRC in Practice】From zero to internal network access: SSRF](https://mp.weixin.qq.com/s?__biz=MzIzMTIzNTM0MA==&mid=2247499361&idx=1&sn=dfdaec5067727fdc3bb907b4d1ed39f4)
- 安全行者老霍
  - [ ] [CISOs struggle to meet AI demands amid flat budgets](https://mp.weixin.qq.com/s?__biz=Mzg3NjU4MDI4NQ==&mid=2247486545&idx=1&sn=222d258f08da12c6cd684091db1e1630)
- 威胁猎人Threat Hunter
  - [ ] [No "named attack" means no risk? Black and gray market actors in finance are carrying out "hidden attacks" on financial institutions](https://mp.weixin.qq.com/s?__biz=MzI3NDY3NDUxNg==&mid=2247503453&idx=1&sn=15fdaf3539a0d2f32953ac4a9d229bd9)
- IT Service Management News
  - [ ] [NIS and activity categorization for ACN](http://blog.cesaregallotti.it/2026/04/nis-e-categorizzazione-attivita-per-acn.html)
- 360威胁情报中心
  - [ ] [Xinference supply-chain security incident investigation and analysis report](https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247508515&idx=1&sn=82169bea927184c000de87d008eee7fa)
- Have I Been Pwned latest breaches
  - [ ] [Pitney Bowes - 8,243,989 breached accounts](https://haveibeenpwned.com/Breach/PitneyBowes)
  - [ ] [ADT - 5,488,888 breached accounts](https://haveibeenpwned.com/Breach/ADT)
- SEI Blog
  - [ ] [Data Poisoning in AI Models: The Case for Chain of Custody Controls](https://www.sei.cmu.edu/blog/data-poisoning-in-ai-models-the-case-for-chain-of-custody-controls/?utm_source=blog&utm_medium=rss&utm_campaign=my_site_updates)
- 洞源实验室
  - [ ] [Can AI weaponize a CVE in 15 minutes? The answer is yes](https://mp.weixin.qq.com/s?__biz=Mzg4Nzk3MTg3MA==&mid=2247488705&idx=1&sn=1879caaae575634a0cb00d9ad9882d31)
- SANS Internet Storm Center, InfoCON: green
  - [ ] [TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)](https://isc.sans.edu/diary/rss/32926)
- Max Kersten
  - [ ] [My impression of Botconf 2026](https://maxkersten.nl/2026/04/27/my-impression-of-botconf-2026/)
- ICT Security Magazine
  - [ ] [Submarine cable security: legal framework and regulatory outlook](https://www.ictsecuritymagazine.com/articoli/sicurezza-dei-cavi-sottomarini/)
  - [ ] [NIS2 Enforcement Q1 2026: when compliance stops being a theoretical exercise](https://www.ictsecuritymagazine.com/articoli/nis2-enforcement-q1-2026/)
- Over Security - Cybersecurity news aggregator
  - [ ] [Osservatorio Nessuno](https://osservatorionessuno.org/blog/2026/04/morpheus-a-new-spyware-linked-to-ips-intelligence/)
- Daniel Miessler
  - [ ] [AI Is Not the Villain (or the Hero)](https://danielmiessler.com/blog/ai-is-not-the-villain?utm_source=rss&utm_medium=feed&utm_campaign=website)
  - [ ] [AI Layoffs Aren't About AI](https://danielmiessler.com/blog/ai-layoffs-arent-about-ai?utm_source=rss&utm_medium=feed&utm_campaign=website)
- Schneier on Security
  - [ ] [Medieval Encrypted Letter Decoded](https://www.schneier.com/blog/archives/2026/04/medieval-encrypted-letter-decoded.html)
- Deeplinks
  - [ ] [Congress Must Reject New Insufficient 702 Reauthorization Bill](https://www.eff.org/deeplinks/2026/04/congress-must-reject-new-insufficient-702-reauthorization-bill)
  - [ ] [The Internet Still Works: SmugMug Powers Online Photography](https://www.eff.org/deeplinks/2026/04/internet-still-works-smugmug-powers-online-photography)
- Security Affairs
  - [ ] [Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records](https://securityaffairs.com/191391/cyber-crime/medtronic-discloses-security-incident-after-shinyhunters-claimed-theft-of-9m-records.html)
  - [ ] [Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software](https://securityaffairs.com/191347/intelligence/chinese-spy-posed-as-researcher-in-spear-phishing-campaign-targeting-nasa-to-steal-defense-software.html)
  - [ ] [LINKEDIN BROWSERGATE](https://securityaffairs.com/191383/security/linkedin-browsergate.html)
  - [ ] [Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting](https://securityaffairs.com/191374/security/firefox-bug-cve-2026-6770-enabled-cross-site-tracking-and-tor-fingerprinting.html)
  - [ ] [Fast16: Pre-Stuxnet malware that targeted precision engineering software](https://securityaffairs.com/191325/malware/fast16-pre-stuxnet-malware-that-targeted-precision-engineering-software.html)
  - [ ] [Italy moves to extradite Chinese national to the U.S. over hacking charges](https://securityaffairs.com/191368/apt/italy-moves-to-extradite-chinese-national-to-the-u-s-over-hacking-charges.html)
  - [ ] [U.S. utility giant Itron discloses a security breach](https://securityaffairs.com/191360/data-breach/u-s-utility-giant-itron-discloses-a-security-breach.html)
- Blackhat Library: Hacking techniques and research
  - [ ] [Inside the Coinbase Cartel: How Infostealer Credentials Fueled a 100+ Company Ransomware Spree](https://www.reddit.com/r/blackhat/comments/1sx4bqa/inside_the_coinbase_cartel_how_infostealer/)
- Technical Information Security Content & Discussion
  - [ ] [Why a Decade of Writing Detection Logic Makes the Mythos Exploit Numbers Less Scary](https://www.reddit.com/r/netsec/comments/1sx8wsj/why_a_decade_of_writing_detection_logic_makes_the/)
  - [ ] [[ Removed by Reddit ]](https://www.reddit.com/r/netsec/comments/1sxk737/removed_by_reddit/)
  - [ ] [MCPwned: a Burp Suite extension for auditing MCP servers](https://www.reddit.com/r/netsec/comments/1swxhu6/mcpwned_a_burp_suite_extension_for_auditing_mcp/)
- Deep Web
  - [ ] [GhostGpt, FraudGPT, WormGPT](https://www.reddit.com/r/deepweb/comments/1sxgdwp/ghostgpt_fraudgpt_wormgpt/)
- The Register - Security
  - [ ] [Ongoing supply-chain attack 'explicitly targeting' security, dev tools](https://go.theregister.com/feed/www.theregister.com/2026/04/27/supply_chain_campaign_targets_security/)
  - [ ] [Medical and utility tech companies admit digital breakins](https://go.theregister.com/feed/www.theregister.com/2026/04/27/itron_medtronic_hacked/)
  - [ ] [Trump's Golden Dome gets $3.2B of contractors and an AI sprinkle](https://go.theregister.com/feed/www.theregister.com/2026/04/27/us_names_firms_to_develop/)
  - [ ] [Cybersec is a thankless job: expanding workload and shrinking pay packet](https://go.theregister.com/feed/www.theregister.com/2026/04/27/from_a_massive_skills_gap/)
  - [ ] [Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt](https://go.theregister.com/feed/www.theregister.com/2026/04/27/home_security_giant_adt_gets/)
  - [ ] [Microsoft updates the Windows Update Experience: You can hit pause now](https://go.theregister.com/feed/www.theregister.com/2026/04/27/microsoft_updates_the_windows_update/)
  - [ ] [ICO chief John Edwards steps back as workplace probe quietly unfolds](https://go.theregister.com/feed/www.theregister.com/2026/04/27/ico_chief_john_edwards_steps/)
  - [ ] [Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now](https://go.theregister.com/feed/www.theregister.com/2026/04/27/anthropics_magic_codesniffer_more_swiss/)
  - [ ] [Google Cloud Next proves what we suspected: Everything is AI now](https://go.theregister.com/feed/www.theregister.com/2026/04/27/google_cloud_next_proves_what/)
- Your Open Hacker Community
  - [ ] [Small and medium-sized enterprises can be easily exploited for millions now.](https://www.reddit.com/r/HowToHack/comments/1sx4fs6/small_and_mediumsized_enterprises_can_be_easily/)
  - [ ] [rar2john help!](https://www.reddit.com/r/HowToHack/comments/1swsy87/rar2john_help/)
  - [ ] [Semperis DSP vs Netwrix for AD privilege escalation path coverage](https://www.reddit.com/r/HowToHack/comments/1sx1rd5/semperis_dsp_vs_netwrix_for_ad_privilege/)
  - [ ] [Really wanna learn hacking. Ethical or unethical either works](https://www.reddit.com/r/HowToHack/comments/1sxack1/really_wanna_learn_hacking_ethical_or_unethical/)
  - [ ] [Instagram botting followers advice](https://www.reddit.com/r/HowToHack/comments/1swxdqs/instagram_botting_followers_advice/)
- Security Weekly Podcast Network (Audio)
  - [ ] [Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Karen Heart, Sachin Jade, Phil Calvin, Craig Sanderson, Travis Wong - ESW #456](http://sites.libsyn.com/18678/rethinking-security-from-the-os-up-in-the-age-of-ai-and-more-rsac-2026-interviews-karen-heart-sachin-jade-phil-calvin-craig-sanderson-travis-wong-esw-456)
- Information Security
  - [ ] [How do you catch hardcoded credentials in JS before they go public](https://www.reddit.com/r/Information_Security/comments/1sx9exh/how_do_you_catch_hardcoded_credentials_in_js/)
  - [ ] [BlackFile Extortion Group: 7-Figure Ransoms Hit Retail Via Vishing MFA Bypass](https://www.reddit.com/r/Information_Security/comments/1sx4sos/blackfile_extortion_group_7figure_ransoms_hit/)
  - [ ] [Best cybersecurity course in the USA for getting a job quickly? Not just theory—real skills.](https://www.reddit.com/r/Information_Security/comments/1sx3adq/best_cybersecurity_course_in_the_usa_for_getting/)
  - [ ] [Why your current DLP strategy is completely blind to shadow AI interactions](https://www.reddit.com/r/Information_Security/comments/1swyez8/why_your_current_dlp_strategy_is_completely_blind/)
  - [ ] [Are AI policies enforceable when PII can be pasted into unapproved prompts?](https://www.reddit.com/r/Information_Security/comments/1sx1ckm/are_ai_policies_enforceable_when_pii_can_be/)
  - [ ] [Will this project improve my skills???](https://www.reddit.com/r/Information_Security/comments/1sww7ey/will_this_project_improve_my_skills/)
  - [ ] [Multi-account detection logic and maintaining the integrity of the points ecosystem](https://www.reddit.com/r/Information_Security/comments/1swu555/다중_계정_탐지_로직과_포인트_생태계의_정합성_유지/)
  - [ ] [The limits of judging security trustworthiness by whether an SSL certificate is displayed](https://www.reddit.com/r/Information_Security/comments/1swudvd/ssl_인증서_표기_유무에_따른_보안_신뢰도_판단의_한계점/)
- The Hacker News
  - [ ] [Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack](https://thehackernews.com/2026/04/checkmarx-confirms-github-repository.html)
  - [ ] [⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More](https://thehackernews.com/2026/04/weekly-recap-fast16-malware-xchat.html)
  - [ ] [Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side](https://thehackernews.com/2026/04/mythos-changed-math-on-vulnerability.html)
  - [ ] [PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks](https://thehackernews.com/2026/04/phantomcore-exploits-trueconf.html)
  - [ ] [Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware](https://thehackernews.com/2026/04/researchers-uncover-73-fake-vs-code.html)
  - [ ] [Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud](https://thehackernews.com/2026/04/fake-captcha-irsf-scam-and-120-keitaro.html)
- TG Soft Software House - News
  - [ ] [Vir.IT eXplorer PRO certified by Virus Bulletin for passing the VB100 2026-04 test on Win 11 PRO...](http://www.tgsoft.it/italy/news_archivio.asp?id=1734)
- 安全419
  - [ ] [Zero trust is not outdated, but many implementations have fallen behind the times](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553161&idx=1&sn=de75201c008d3ebfbe35d75082f8c086)
  - [ ] [Authoritative statistics | 安全玻璃盒 holds steady at second place nationally in the software supply chain security market](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553161&idx=2&sn=2a16d915df88766504376091b562e4bb)
  - [ ] [The finals of the 3rd "Great Wall Cup" Network, Data and Intelligence Security Competition (Defense Track) are about to begin](https://mp.weixin.qq.com/s?__biz=MzUyMDQ4OTkyMg==&mid=2247553161&idx=3&sn=a46d614ab299598a486c3b858b3c8c21)