[每日信息流] 2025-12-19 #1087
Description
每日安全资讯(2025-12-19)
- paper - Last paper
- LevelBlue Blog
- Private Feed for M09Ic
- mgeeky starred ineesdv/Tangled
- phra starred eversinc33/unKover
- PrefectHQ released 3.6.7 at PrefectHQ/prefect
- bolucat released 202512181939 at bolucat/Archive
- kpcyrd starred 89luca89/stampdalf
- 0xbug starred FoxIO-LLC/ja4
- Mr-xn forked Mr-xn/fofa_viewer from wgpsec/fofa_viewer
- joaoviictorti starred release-plz/release-plz
- panjf2000 contributed to redis/redis
- CHYbeta starred R4gd0ll/I-Wanna-Get-All
- niudaii starred KeygraphHQ/shannon
- PrefectHQ released 3.6.7.dev9 at PrefectHQ/prefect
- freqtrade released 2025.11.2 at freqtrade/freqtrade
- phra forked phra/flipperzero-firmware-wPlugins from RogueMaster/flipperzero-firmware-wPlugins
- wuhan005 starred VictoriaMetrics/VictoriaMetrics
- 安全客-有思想的安全新媒体
- 【原创首发】首个“AI勒索软件”--纽约大学团队“PromptLock”深度剖析
- Win10停服,系统将“裸奔”?金融、交通等关键行业用户该如何有效地做好终端防护
- 惠普预测:2026 年人工智能驱动型网络威胁与 Cookie 窃取攻击将激增
- 黑力钓鱼即服务平台(BlackForce PhaaS)滥用 React 框架与有状态会话,实现多因素认证绕过与凭证窃取
- 新型恶意软件 PyStoreRAT 现身:无文件远程访问木马藏身伪造 GitHub 代码仓库,发起针对开发者的隐形攻击
- “幻影窃取者” 恶意软件借 ISO 钓鱼攻击瞄准金融领域,实施键盘记录与加密货币钱包窃取
- 青少年体育赛事及全美大学体育协会保险理赔数据或遭黑客窃取
- 飞塔防火墙单点登录高危漏洞遭在野利用:攻击者绕过认证并窃取配置文件
- ScreenConnect 高危漏洞(CVE-2025-14265)存在配置泄露与恶意扩展安装风险
- OpenShift GitOps 高危漏洞可致集群沦陷(CVE-2025-13888)—— 低权限用户可提权至 root 权限
- 《华盛顿邮报》AI 播客工具因 84% 错误率引发强烈反对
- 安全领域变动:谷歌终止暗网报告服务,称无法提供切实可行的补救措施
- Doonsec's feed
- AI Agent安全深入学习
- https认证过程图文详解
- SQL注入:一场针对数据库的“语言欺诈”
- AI聊天工具正悄然影响青少年情感与社会发展
- 在kali下运行安天MAE样本集成分析环境,算
- MaR基于BurpSuite平台开发的辅助型项目-学习使用
- 世纪网安舔狗钓鱼记
- Node.js 警报 漏洞可能导致超过 1600 万月活跃用户遭受 Windows 远程代码执行攻击
- 【高危漏洞预警】Fortinet FortiOS未正确验证加密签名漏洞CVE-2025-59718/59719
- Metasploit_Pro版安装破解
- 【情报】从美国国会和国务院资金预算分析美国对外援助项目变化趋势
- 【喜报】《情报杂志》再次入围 “最具国际影响力学术期刊”,进入全国社科期刊TOP2%
- 十一月没折扣的这些软件,现在补上!快来收下!
- 放下
- [Python]WatchDog
- 卜算子·赠妓
- [LitCTF 2023]Ping
- [GXYCTF 2019]Ping Ping Ping
- Bitter(蔓灵花) APT组织攻击活动分析
- 告别burp,2026最新yakit + proxifier小程序抓包教程
- 【SM】新调教的CTF比赛聚合信息平台
- 【吃瓜】测评核弹洞一键“挂黑”的React2Shell-Toolbox
- 【吃瓜】编程考试被注释掉的代码阴了
- 【首发复现】Fortinet 多款产品身份认证绕过漏洞,已发现在野利用(CVE-2025-59718/59719)
- wifi网络渗透:使用fluxion创建Captive Portal进行wifi钓鱼
- SecWiki News
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Recent Commits to cve:main
- Microsoft Security Blog
- Cerbero Blog
- GuidePoint Security
- Didier Stevens
- CTFするぞ
- LevelBlue SpiderLabs Blog
- Hacking Dream
- Malwarebytes
- Sucuri Blog
- VMRay
- CCC Event Blog
- Intigriti
- NVISO Labs
- 奇客Solidot–传递最新科技情报
- Black Hills Information Security, Inc.
- 腾讯玄武实验室
- 黑鸟
- 威努特安全网络
- CT Stack 安全社区
- 知道创宇404实验室
- 我的安全视界观
- Dhole Moments
- 天黑说嘿话
- 数世咨询
- 微步在线
- 安全圈
- 极客公园
- ChaMd5安全团队
- 中国信息安全
- 火线安全平台
- 代码卫士
- 安全内参
- 安全牛
- 青衣十三楼飞花堂
- 情报分析师
- 国家互联网应急中心CNCERT
- 美团技术团队
- 看雪学苑
- 安全419
- 嘶吼专业版
- 迪哥讲事
- 字节跳动技术团队
- TrustedSec
- Securityinfo.it
- ICT Security Magazine
- 360数字安全
- SANS Internet Storm Center, InfoCON: green
- Have I Been Pwned latest breaches
- Over Security - Cybersecurity news aggregator
- Quantum Italia: i 4 ambiti del polo nazionale delle tecnologie quantistiche
- Austria’s high court orders Meta to change its personalized ad practices
- New China-linked hacker group spies on governments in Southeast Asia, Japan
- Clop ransomware targets Gladinet CentreStack in data theft attacks
- University of Sydney suffers data breach exposing student and staff info
- Adios 2025, you won’t be missed
- Over $3.4 billion in crypto stolen throughout 2025, with North Korea again the top culprit
- In depth analysis of the alleged Qilin, DragonForce and LockBit alliance
- New password spraying attacks target Cisco, PAN VPN gateways
- Chinese attackers exploiting zero-day to target Cisco email security products
- Tech provider for NHS England confirms data breach
- APT28_HEADLACE
- US seizes E-Note crypto exchange for laundering ransomware payments
- NIS2 compliance: How to get passwords and MFA right
- France arrests Latvian for installing malware on Italian ferry
- Attacchi informatici in crescita del 36%: cosa racconta il nuovo Rapporto Clusit 2025
- Sette anni di GDPR e privacy ancora all’abc: la lezione dalla sanzione a Verisure e Aimag
- Pa. high court rules that police can access Google searches without a warrant
- Hackers breach internal servers of tech provider for Britain’s health service
- Il cybercrime si evolve velocemente e l’IA diventa protagonista: le previsioni di Group-IB per il 2026
- France arrests 22-year-old over Interior Ministry hack
- HPE warns of maximum severity RCE flaw in OneView software
- Microsoft: Recent Windows updates break RemoteApp connections
- Carte regalo a Natale, i ruoli privacy per i fornitori di gift card
- Year in Review by ANY.RUN: Key Threats, Solutions, and Breakthroughs of 2025
- Sekoia.io Strengthens Collective Cyber Defense at NATO CCDCOE’s Crossed Swords 2025 Exercise
- Securotrop: from affiliation to independence, the evolution of a young ransomware group
- Attacchi AI: gli hacker dell’intelligenza artificiale stanno per superare gli esseri umani
- KawaiiGPT - Deep dive into the "malicious LLM"
- AUTOSUR - 487,226 breached accounts
- The Botting Network - 96,320 breached accounts
- Millions impacted by PornHub, SoundCloud data breaches
- Schneier on Security
- 娜璋AI安全之家
- 白帽子章华鹏
- Full Disclosure
- CyberDanube Security Research 20251215-0 | Multiple Vulnerabilities in Phoenix Contact FL Switch Series
- [KIS-2025-09] Control Web Panel <= 0.9.8.1208 (admin/index.php) OS Command Injection Vulnerability
- Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking
- [CFP] Security BSidesLjubljana 0x7EA | March 13, 2026
- TorrentFreak
- The Hacker News
- China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
- HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
- ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories
- North Korea-Linked Hackers Steal $2.02 Billion in 2025, Leading Global Crypto Theft
- The Case for Dynamic AI-SaaS Security as Copilots Scale
- Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
- CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation
- Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
- The Register - Security
- Amazon blocked 1,800 suspected North Korean scammers seeking jobs
- Your car’s web browser may be on the road to cyber ruin
- Crypto crooks co-opt stolen AWS creds to mine coins
- Kim's crypto thieving reached a record $2B in 2025
- Another bad week for SonicWall as SMA 1000 zero-day under active exploit
- FBI dismantles alleged $70M crypto laundering operation
- NHS tech supplier probes cyberattack on internal systems
- React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines
- DVSA's clapped-out booking system gets bot slapped as new boss rides in
- UK surveillance law still full of holes, watchdog warns
- Security Affairs
- Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw
- DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists
- U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog
- GhostPairing campaign abuses WhatsApp device linking to hijack accounts
- Tor Project blog
- Deeplinks
- Security Weekly Podcast Network (Audio)