[每日信息流] 2026-01-08 #1107
Description
每日安全资讯(2026-01-08)
- SecWiki News
- 奇安信攻防社区
- 安全客-有思想的安全新媒体
- 新型谷歌云钓鱼骗局曝光:结合电话呼叫与伪造客服邮件实施攻击
- 麒麟勒索软件攻击圣约医疗波及47.8万名患者
- 国产热门实用工具遭劫持,被用于投放浏览器恶意软件
- PHALT#BLYX组织利用伪造蓝屏与DCRat恶意软件瞄准酒店行业
- CVE-2025-67732漏洞通告:Dify发布补丁修复高风险明文API密钥泄露问题
- 谷歌修复Chrome 143版本中高危级别的WebView漏洞
- 英伟达于2026年国际消费电子展发布维拉・鲁宾人工智能超级计算机
- 法院判令OpenAI在《纽约时报》版权诉讼案中披露2000万条ChatGPT对话日志
- CVE-2025-14026:Forcepoint数据防泄漏(DLP)漏洞致使攻击者可绕过受限Python环境限制
- 微软将Edge浏览器打造为集成Copilot的人工智能指挥中心
- Doonsec's feed
- 【高危漏洞预警】jsPDF本地文件包含漏洞CVE-2025-68428
- 【高危漏洞预警】ComfyUI-Manager远程代码执行漏洞CVE-2025-67303
- 新突破:30B Qwen大模型在树莓派5上流畅运行
- 记一次的点到为止攻防
- 25种被动收入,你有几种?
- 刷小红书看笑了,仔子都会提示词注入了
- 自从进了这个京东捡漏群,拿了很多低价商品!
- 强推一款非常牛叉的专业网络流量分析工具
- 春节前该布局大模型概念股了
- 一台服务器搭建矩阵代理池,一个端口绑定一个住宅IP,实现矩阵式代理
- 网安杂谈知识记录本2026.1.7
- 《某虎数字安全销售!!!这就是你说的“随便打打”?活干完了,现在想赖账?》
- 【接口漏洞第三章第二节】解锁API漏洞宝藏:从请求方法与内容类型切入
- 【接口漏洞第三章第三节】API漏洞挖掘实录:从GET到PATCH,我是如何实现“0元购”的
- CVE-2025-55182 - Next.js-Exploit-Tool 图形化综合利用工具
- VulnHunter AI - 漏洞猎人:一款颠覆性的AI智能漏洞扫描工具
- 小白5min部署玩转CosyVoice!!!算力不够有共绩算力!
- 深入分析AuraSteale-MaaS混淆与对抗技术
- 每日课程更新
- Linux 运维:删除大日志文件时避免磁盘 IO 飙升,echo 空文件 vs truncate 命令对比实操
- 网络安全项目实施之踩坑记录
- 【攻防实战9】记一次某人民医院的点到为止
- 讲讲网络电信诈骗
- 会话密钥实现OTA的设备认证
- 圆满落幕∣新春首场汽车AI安全与出海合规专题沙龙在沪成功举办
- 聚焦eSIM新时代下的产业变革,首届中国eSIM技术创新与产业应用峰会将在3月隆重召开
- 全国网信办主任会议在京召开
- 从五个“高”要求读懂2026年网信工作新部署
- 权限维持总翻车?2026年实操指南建议收藏反复看
- MS08067实验室 承接各类网络安全业务~
- 八部门联合发布《“人工智能+制造”专项行动实施意见》
- 工信部印发《工业互联网和人工智能融合赋能行动方案》
- 利用 ADCS 攻击启用 HTTPS 的 WSUS 客户端
- 黑客侦察能力训练营
- 网络空间武器效能漫谈(一)
- SRC 靶场实战课-只有最低,没有更低!
- 告别低效!Pentest Copilot +RAG
- 超六千万次!这款小程序何以值得信赖?
- Private Feed for M09Ic
- anthropics released v2.1.1 at anthropics/claude-code
- bolucat released 202601071941 at bolucat/Archive
- Mr-xn forked Mr-xn/single_php_filehost_docker from Rouji/single_php_filehost_docker
- DVKunion contributed to DVKunion/SeaMoon
- niudaii starred WinMin/evil-opencode
- CHYbeta starred shareAI-lab/learn-claude-code
- gh0stkey starred linshenkx/prompt-optimizer
- CHYbeta starred WinMin/evil-opencode
- PrefectHQ released 3.6.10.dev4 at PrefectHQ/prefect
- WAY29 starred smallmain/vscode-unify-chat-provider
- Ridter starred AndyMik90/Auto-Claude
- 0xbug starred AnmolSaini16/mapcn
- gh0stkey starred tonsky/FiraCode
- Ridter starred K-Dense-AI/claude-scientific-skills
- LoRexxar starred anthropics/claude-code
- pydantic released v1.40.0 at pydantic/pydantic-ai
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- obaby@mars
- Microsoft Security Blog
- Recent Commits to cve:main
- CXSECURITY Database RSS Feed - CXSecurity.com
- Bug Bounty in InfoSec Write-ups on Medium
- Horizon3.ai
- Der Flounder
- daniel.haxx.se
- Thomas Reed Photography
- Malwarebytes
- rtl-sdr.com
- Security Blog | Praetorian
- Dhole Moments
- 奇客Solidot–传递最新科技情报
- 安全分析与研究
- HackerNews
- 黑鸟
- 安全内参
- Black Hills Information Security, Inc.
- 安全客
- 代码卫士
- 奇安信 CERT
- 二道情报贩子
- 软件安全与逆向分析
- 吾爱破解论坛
- 中国信息安全
- 看雪学苑
- 网安杂谈
- 火绒安全
- 极客公园
- 阿里安全响应中心
- 数世咨询
- 安全圈
- 丁爸 情报分析师的工具箱
- 黑伞安全
- XCTF联赛
- 嘶吼专业版
- 安全牛
- 补天平台
- OnionSec
- 360数字安全
- 安全419
- Over Security - Cybersecurity news aggregator
- New GoBruteforcer attack wave targets crypto, blockchain projects
- OpenAI says ChatGPT won't use your health information to train its models
- Critical jsPDF flaw lets hackers steal secrets via generated PDFs
- Spanish airline Iberia attributes recent data breach claims to November incident
- Illinois state agency exposed personal data of 700,000 people
- ChatGPT is losing market share as Google Gemini gains ground
- Stalkerware operator pleads guilty in rare prosecution
- Logitech Options+, G HUB macOS apps break after certificate expires
- Max severity Ni8mare flaw lets hackers hijack n8n servers
- Scoperto falso portale del Ministero dell’Interno: phishing su permesso di soggiorno
- Due estensioni Chrome hanno compromesso le chat di ChatGPT e DeepSeek
- In 2026, Hackers Want AI: Threat Intel on Vibe Hacking & HackGPT
- Microsoft: Classic Outlook bug prevents opening encrypted emails
- La cyber security è la sicurezza del paziente: un imperativo clinico per tutti
- Alleged cyber scam kingpin arrested, extradited to China
- Linee guida NIS : il nuovo quadro normativo per la risposta agli incidenti
- ownCloud urges users to enable MFA after credential theft reports
- Backdoors in VStarcam cameras
- New Veeam vulnerabilities expose backup servers to RCE attacks
- Cyberattack forces British high school to cancel classes and delay reopening
- Google Search AI hallucinations push Google to hire "AI Answers Quality" engineers
- CryptPad e paradigma zero-knowledge: binomio vincente per la sicurezza dei dati aziendali
- UK announces plan to strengthen public sector cyber defenses
- CPR come zone offline: quando la cyber security diventa esclusione sociale
- How Cisco Talos powers the solutions protecting your organization
- OpenAI is reportedly getting ready to test ads in ChatGPT
- Ecco come organizzare una difesa preventiva contro i ransomware
- Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware
- OpenAI is rolling out GPT-5.2 “Codex-Max” for some users
- 迪哥讲事
- ICT Security Magazine
- 国家互联网应急中心CNCERT
- Qualys Security Blog
- bellingcat
- Securityinfo.it
- Schneier on Security
- 希潭实验室
- Troy Hunt's Blog
- The Hacker News
- Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators
- Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches
- Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
- n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
- The Future of Cybersecurity Includes Non-Human Employees
- Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
- Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
- Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
- NetSPI
- SANS Internet Storm Center, InfoCON: green
- The Register - Security
- IBM's AI agent Bob easily duped to run malware, researchers show
- ESA calls cops as crims lift off 500 GB of files, say security black hole still open
- Stalkerware slinger pleads guilty for selling snooper software to suspicious spouses
- Microsoft scraps Exchange Online spam clamp after customers cry foul
- Ministry of Justice splurged £50M on security – still missed Legal Aid Agency cyberattack
- Jaguar Land Rover wholesale volumes plummet 43% in cyberattack aftermath
- HSBC app takes a dim view of sideloaded Bitwarden installations
- HackerOne 'ghosted' me for months over $8,500 bug bounty, says researcher
- Deeplinks
- Security Affairs
- Ni8mare flaw gives unauthenticated control of n8n instances
- Misconfigured email routing enables internal-spoofed phishing
- Veeam resolves CVSS 9.0 RCE flaw and other security issues
- Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers
- Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector
- TorrentFreak
- Daniel Miessler
- Security Weekly Podcast Network (Audio)