[每日信息流] 2025-12-18 #1086
Description
每日安全资讯(2025-12-18)
- SecWiki News
- paper - Last paper
- Armin Ronacher's Thoughts and Writings
- Microsoft Security Blog
- Private Feed for M09Ic
- pydantic released v1.35.0 at pydantic/pydantic-ai
- LloydLabs starred henrygd/beszel
- liamg starred brandongregoryscott/terrafaker
- bolucat released 202512171940 at bolucat/Archive
- safedv starred CheckPointSW/VectoredOverloading
- CHYbeta starred NoFxAiOS/nofx
- WAY29 starred hefeng6500/UltimateRAG
- CHYbeta starred 0xsimao/audits
- mgeeky starred MITDeepLearning/introtodeeplearning
- PrefectHQ released 3.6.7.dev8 at PrefectHQ/prefect
- su18 forked su18/jolokia-exploitation-toolkit from laluka/jolokia-exploitation-toolkit
- su18 starred laluka/jolokia-exploitation-toolkit
- Rvn0xsy starred Finb/Bark
- Rvn0xsy forked 0x727/bark_webhook from MythicC2Profiles/basic_webhook
- Y4er forked Y4er/Covenant from cobbr/Covenant
- gh0stkey starred mem0ai/mem0
- Doonsec's feed
- IdeaCMS GetList.html存在SQL注入漏洞CVE-2025-5569 附POC
- 针对太阳能设备的网络攻击现状
- Ai Agent集体罢工?!
- 【快手】安全急招——年前面试年后入职
- 字节跳动今日召开全员大会,职级体系迎来重大变革?
- 年底大裁员!
- 学员投稿之edu漏洞的JS逆向解密导致任意密码重置
- 【高危漏洞预警】Redis缓冲区溢出漏洞CVE-2025-62507
- 【加解密】yakit热加载新手进阶
- Smali/AAR/JAR/DEX/APK逆向分析转换工具V2.5
- 原创 Paper | 现代软件开发-AI 编程安全
- 【Windows版】Acunetix Premium(AWVS) v25.8.25 高级版
- 海莲花APT组织使用跳板服务器进行攻击活动分析
- [Powershell]Invoke-WebRequest
- [第五空间 2021]WebFTP
- [LitCTF 2023]我Flag呢?
- [代码审计]WebFTP
- JDK内置keytool生成自签名HTTPS证书
- EasyTools渗透测试工具箱V2.0.2更新(新增漏洞扫描功能,优化存在的诸多bug)
- 被马斯克裁掉的网络安全岗位,又被特朗普安排上了
- 防不胜防!PayPal官方邮件被用于钓鱼攻击
- Windows 桌面窗口管理器(DWM)本地提权漏洞 CVE-2025-55681 详解
- 所以,什么最重要?
- TikTok卷入隐私争议,跨平台数据传输引关注
- 38款!上海通管局下架侵害用户权益行为APP(SDK)
- 明天见
- AI PromptBreaker:大模型安全测试与越狱神器
- 开源一个专用的,简单的,高效的RAG产品stupidsimplerag
- 存储桶相关漏洞记录
- 企业人员安全意识|实战淬炼:钓鱼演练让安全意识成为本能
- 【大话工控安全】工业控制系统行业知识:电力行业相关术语及系统功能介绍-变电站电力监控系统
- 2025年三季度汽车产业发展报告
- 生产级 API 加密的构建实用指南(从owasp开始)
- IoT安全 | 无人机安全攻防 (五):MAVLink流量嗅探与协议分析
- react2shell 漏洞浅析
- 开放科学驱动下科技智库知识治理机制与路径研究
- 欧盟委员会发布《生物技术法》,加大对生物技术产业的支持
- No one knows regex better than me(bugku)
- G.O.S.S.I.P 阅读推荐 2025-12-17 电子邮件客户端的罪与罚
- OSCE³ 之 OSED 1月10日 即将开课!速进
- 【AI安全】OpenAI 重磅发布Aardvark !AI安全守护神
- 【应急响应】小白利用火绒杀毒软件上机核查后门木马技巧
- 高中数学求最值一题
- 荣誉|银基科技荣获ICCE联盟2025年两项大奖
- 不是主场创造了奇迹,是我们永州人用热爱点燃了这座城
- 可怕的剪贴板劫持攻击
- 安全工具开发圈子:这里有可参考的源码、可测试的靶场和免费的FOFA搜索
- (附IOC)Kimsuky通过二维码分发恶意手机应用程序
- 论文研读与思考|InferDPT:黑盒大语言模型的隐私保护推理
- 论文研读与思考|VA-STV:基于Verkle累加器的无状态交易验证(VA-STV)方案在区块链物联网网络中的应用
- 行业案例 | 数据局行业数据加工安全空间实践案例
- 邮储银行发布AI2ALL数字生态,围绕2大核心路径展开
- AI快讯:重庆推动“AI+”金融服务,腾讯混元世界模型1.5发布,小米MiMo-V2-Flash媲美DeepSeek-V3.2
- 观远数据89.5万中!青岛农商银行BI+AI智能数据平台扩容服务项目
- 英伟达构建 Agentic AI 沙盒的终极指南
- LevelBlue Blog
- Recent Commits to cve:main
- 安全客-有思想的安全新媒体
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Tenable Blog
- obaby@mars
- Der Flounder
- CXSECURITY Database RSS Feed - CXSecurity.com
- Bug Bounty in InfoSec Write-ups on Medium
- Subdomain Roulette: How Forgotten Hosts Became My Golden Ticket to Admin Panels
- How I Hacked an Entrepreneur
- The Return of The Luhn Algorithm
- Known-Plaintext Attack on PHP-Proxy: From Broken Encryption to FastCGI RCE
- Call/Message anyone on Facebook directly, bypassing the message requests ($$$$+$$$$$)
- Discovering Cloud Misconfigurations with Google Dorks
- The Unconventional OSINT: How Dark Web Tools Gave Me the Edge to Find a $ Bug ️♂️
- Horizon3.ai
- glzjin
- Securelist
- Malwarebytes
- bishopfox.com
- 奇客Solidot–传递最新科技情报
- HackerNews
- 安全分析与研究
- 黑鸟
- 威努特安全网络
- 代码卫士
- 青衣十三楼飞花堂
- 安全内参
- 天黑说嘿话
- 先进攻防
- 知道创宇404实验室
- 安全客
- 安全研究GoSSIP
- 奇安信 CERT
- 威胁棱镜
- 安全圈
- 默安科技
- 中国信息安全
- 极客公园
- 信息安全国家工程研究中心
- 火绒安全
- 安全牛
- 嘶吼专业版
- 数世咨询
- 看雪学苑
- 情报分析师
- 谛听ditecting
- 360数字安全
- 黑伞安全
- 安全行者老霍
- Qualys Security Blog
- 迪哥讲事
- Over Security - Cybersecurity news aggregator
- Web Hosting Talk - 515,149 breached accounts
- Zeroday Cloud hacking event awards $320,0000 for 11 zero days
- Sicurezza delle API nell’adozione Zero Trust: ecco problemi e raccomandazioni
- France arrests suspect tied to cyberattack on Interior Ministry
- FBI takes down alleged money laundering service for ransomware groups
- Amazon: Ongoing cryptomining campaign uses hacked AWS accounts
- Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities
- TikTok tracked user’s Grindr activity in violation of European law, rights group alleges
- FTC orders crypto platform Nomad to distribute $37.5 million after 2022 theft
- Cisco says Chinese hackers are exploiting its customers with a new zero-day
- Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users
- WhatsApp device linking abused in account hijacking attacks
- Cisco warns of unpatched AsyncOS zero-day exploited in attacks
- New spyware discovered on Belarusian journalist’s phone after interrogation
- Roblox in talks with Russia to restore access after platform ban sparks backlash
- Sonicwall warns of new SMA1000 zero-day exploited in attacks
- UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
- Privacy advocates see risk in new Meta policy that uses AI chats to serve targeted ads
- Critical React2Shell flaw exploited in ransomware attacks
- European police bust Ukraine-based call center network behind $11 million in scams
- Your MFA Is Costing You Millions. It Doesn't Have To.
- Australia’s ACSC Releases Quantum Technology Primer for Cybersecurity Leaders
- Kaspersky, le PMI italiane sono un bersaglio strutturale per il cybercrime
- France investigates Interior Ministry email breach and access to confidential files
- Il cybercrime si evolve e si adatta, integrando l’IA nel proprio arsenale: il report di ESET
- Microsoft asks IT admins to reach out for Windows IIS failures fix
- Threat Research Advisory: Mass Fake-Shop Campaign Targeting Retail Customers
- Sicurezza informatica in Italia: perché il 10% degli incidenti globali avviene nel nostro Paese
- BforeAI Named ‘Tech Innovator in Preemptive Cybersecurity’ by Gartner®
- Lexi DiScola’s guide to global teamwork and overflowing TBRs
- Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
- Truffe man in the middle, evitare il peggio è possibile: il caso dell’attacco a Opera Santa Maria del Fiore
- Trend cyber 2026: attacchi AI-driven, progresso quantistico e pressione normativa
- Quando i sistemi di intelligenza artificiale possono collassare
- 5 Ways Threat Intelligence Drives SOC ROI: Board-Ready Cases for CISOs
- Securityinfo.it
- IntelTechniques Blog
- cavallette
- SANS Internet Storm Center, InfoCON: green
- ICT Security Magazine
- Future of Tech and Security: Strategy & Innovation with Raffy
- Have I Been Pwned latest breaches
- bellingcat
- Schneier on Security
- Tor Project blog
- The Hacker News
- SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
- Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
- APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign
- New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails
- Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time
- China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware
- GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads
- The Register - Security
- Attacks pummeling Cisco AsyncOS 0-day since late November
- CEO spills the Tea about massive token farming campaigns
- Blockchain company Nomad to repay users under FTC deal after $186M cyberattack
- PwC on securing AI: building trust, compliance and confidence at scale
- NATO's battle for cloud sovereignty: Speed is existential
- Microsoft security update breaks MSMQ on older Win systems
- England keeping pen and paper exams despite limited digital expansion
- TorrentFreak
- Instapaper: Unread
- Security Affairs
- SonicWall warns of actively exploited flaw in SMA 100 AMC
- GNV ferry fantastic under cyberattack probe amid remote hijack fears
- Askul data breach exposed over 700,000 records after ransomware attack
- Russian state hackers targeted Western critical infrastructure for years, Amazon says
- U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog
- Deeplinks
- Dark Space Blogspot
- Security Weekly Podcast Network (Audio)