[每日信息流] 2026-01-23 #1126
Description
每日安全资讯(2026-01-23)
- Doonsec's feed
- 大华智能物联ICC综合管理平台evo-apigw/evo-cirs/file/download接口存在任意文件读取漏洞 附POC
- 【高危漏洞预警】SmarterMail身份认证绕过漏洞
- 泄密者的致命疏忽:打印机监控存档涉密截图
- 没招了家人们,又是一年冬天
- 逆天漏洞:《明日方舟:终末地》海外首日公测上线就遭遇T0级事故
- 秒获Root权限!CVE-2026-24061 批量扫描工具!
- 他们说这不可能,但我用 Claude 聊天就逆向提取了商业扫描器全部漏洞规则
- 今日互联网安全速报2026-01-22|Log4j|Apache Struts|CVE-20126-2091|华为MatePad|小米智能手表|8n8【黑客驰】
- ReasAlign!让大模型一眼看穿提示注入阴谋
- 漏洞复现 || Mailpit服务端请求伪造
- 追踪诈骗虚拟货币团伙 渗透内部,世上没有免费的午餐
- 九冠封神!黑色键盘霸榜九年再获京东SRC年度No.1
- 无线工具Aircrack配套插件
- React Agent 多轮对话架构深度对比 - Antigravity vs Claude Code
- 32岁程序员猝死。。。
- 2025中国AIEV产业年度回顾及发展总结报告
- 【AI安全】ReasAlign!让大模型一眼看穿提示注入阴谋!
- 美国经济顾问委员会最新报告:《人工智能与大分流》
- 人民公安报评论员:坚持党的绝对领导 锻造新时代政法铁军
- 人民公安报评论员:忠实履行使命任务 建设更高水平平安中国
- 漏洞复现 | 昂捷CRM UploadFile 任意文件上传漏洞
- 做了几年安全后才明白:真正危险的不是漏洞,而是系统没人懂
- AI自主决策代码审计的小优化
- JSRC2025年度英雄榜单揭晓!
- 纯小白必看从0学习信息搜集到越权实战全流程
- 【成功复现】Mailpit服务端请求伪造漏洞(CVE-2026-21859)
- 3300 万条短信洞察:免密登录成黑客后门,数百万用户隐私裸奔
- 未来CSO训练营|升级报名:蓄能2026,领跑AI时代
- 最高检发布6起个人信息保护检察公益诉讼典型案例
- 免费赠送 | 青少年安全意识科普素材(第十二期)
- 基层减负王炸!行政案件快办一体机实战出圈广获好评!
- 培训报名→手把手教你破解世界级手机解锁技术难题
- 【接口漏洞第八章第三节】下一个漏洞赏金:或许就藏在未净化的GraphQL参数里
- 建一座不容易塌的房子:SDL应用浅析
- paper - Last paper
- Recent Commits to cve:main
- Microsoft Security Blog
- SecWiki News
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- 奇安信攻防社区
- Private Feed for M09Ic
- pydantic released v1.46.0 at pydantic/pydantic-ai
- anthropics released v2.1.17 at anthropics/claude-code
- mgeeky starred leftp/WimReader
- bolucat released 202601221942 at bolucat/Archive
- CHYbeta starred slopus/happy
- timwhitez contributed to vercel-labs/agent-browser
- bolucat released 202601221627 at bolucat/Archive
- whwlsfb starred authelia/authelia
- gh0stkey starred owasp-noir/noir
- gh0stkey starred remotion-dev/remotion
- CHYbeta starred nibzard/awesome-agentic-patterns
- shmilylty starred huaimeng666/gofinger
- lz520520 starred bytewreck/DumpGuard
- 0xbug starred google-gemini/gemini-fullstack-langgraph-quickstart
- ring04h starred Z3ratu1/geacon_plus
- safedv starred Mr-Un1k0d3r/SCShell
- Ascotbe starred frankbria/ralph-claude-code
- PrefectHQ released 3.6.13.dev2 at PrefectHQ/prefect
- pathwaycom released v0.29.0 at pathwaycom/pathway
- gh0stkey starred aymenfurter/ralph
- 0xbug starred benjitaylor/agentation
- 0xbug starred mem0ai/mem0
- GuidePoint Security
- Horizon3.ai
- Malwarebytes
- Intigriti
- Darren Martyn
- rtl-sdr.com
- 奇客Solidot–传递最新科技情报
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 安全分析与研究
- 黑鸟
- 安全客
- 代码卫士
- 微步在线研究响应中心
- 威努特安全网络
- 安全内参
- 二道情报贩子
- 青山青吖
- 信息安全国家工程研究中心
- 安全圈
- 中国信息安全
- 腾讯安全应急响应中心
- 奇安信 CERT
- 看雪学苑
- 安全牛
- 绿盟科技CERT
- XCTF联赛
- 极客公园
- 嘶吼专业版
- 数世咨询
- 腾讯安全威胁情报中心
- 陌陌安全
- 美团安全应急响应中心
- Beacon Tower Lab
- 京东安全应急响应中心
- 情报分析师
- TrustedSec
- 迪哥讲事
- 字节跳动技术团队
- OnionSec
- Over Security - Cybersecurity news aggregator
- Ireland plans law allowing law enforcement to use spyware
- Okta SSO accounts targeted in vishing-based data theft attacks
- Curl ending bug bounty program after flood of AI slop reports
- I scan, you scan, we all scan for... knowledge?
- Spanish judge closes NSO Group spyware probe due to lack of cooperation from Israel
- SmarterMail auth bypass flaw now exploited to hijack admin accounts
- Ireland proposes new law allowing police to use spyware
- House of Lords backs legislation to ban social media for children under 16
- INC ransomware opsec fail allowed data recovery for 12 US orgs
- Microsoft Teams to add brand impersonation warnings to calls
- Semplificare l’AI Act ha un costo: il monito di EDPB e EDPS sulla credibilità delle regole
- AI Act e “Digital Omnibus”: EDPB e EDPS frenano sulla semplificazione a scapito dei diritti
- Why Active Directory password resets are surging in hybrid work
- Quantum computing, una minaccia per la crittografia: come prepararsi oggi
- Microsoft updates Notepad and Paint with more AI features
- Intercepting OkHttp at Runtime With Frida - A Practical Guide
- Foxit, Epic Games Store, MedDreams vulnerabilities
- Jordan used Cellebrite phone-hacking tools against activists critical of Gaza war, report finds
- Hackers exploit 29 zero-days on second day of Pwn2Own Automotive
- Threat Advisory: Scam Activity Leveraging U.S. Actions in Venezuela in January 2026
- Hackers breach Fortinet FortiGate devices, steal firewall configs
- UE verso il divieto di apparati cinesi nelle infrastrutture critiche: sfide e interrogativi
- Sanità e rischi cyber: il settore è sotto assedio, ma NIS2 e formazione sono la risposta giusta
- Ancora una campagna di phishing su “scadenza Tessera Sanitaria”: breve sintesi del contesto
- Come hanno rubato l’account ad Andrea Galeazzi: il phishing Oauth
- ANY.RUN Sandbox & MISP: Confirm Alerts Faster, Stop Incidents Early
- Zendesk ticket systems hijacked in massive global spam wave
- 360数字安全
- Qualys Security Blog
- 吾爱破解论坛
- ICT Security Magazine
- Whistleblower Tool europeo per l’AI Act: preparare l’azienda alla governance multilivello delle segnalazioni
- Cyber insurance PMI: cosa sapere prima di sottoscrivere
- Truffa della ballerina WhatsApp: un attacco che sfrutta la fiducia
- SBOM e Cyber Resilience Act: come SPDX 3.0 e CycloneDX ridefiniscono la sicurezza della supply chain software
- Schneier on Security
- SEI Blog
- SANS Internet Storm Center, InfoCON: green
- 娜璋AI安全之家
- The Hacker News
- New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
- Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
- ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
- Filling the Most Common Gaps in Google Workspace Security
- Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
- SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
- Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
- Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
- Security Affairs
- Machine learning–powered Android Trojans bypass script-based Ad Click detection
- Critical SmarterMail vulnerability under attack, no CVE yet
- Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks
- U.S. CISA adds a flaw in Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog
- Trend Micro Research, News and Perspectives
- NetSPI
- The Register - Security
- Crims hit the easy button for Scattered-Spider style helpdesk scams
- Crims compromised energy firms' Microsoft accounts, sent 600 phishing emails
- FortiGate firewalls hit by silent SSO intrusions and config theft
- Europe's GDPR cops dished out €1.2B in fines last year as data breaches piled up
- Bank of England: Financial sector failing to implement basic cybersecurity controls
- Ancient telnet bug happily hands out root to attackers
- Another week, another emergency patch as Cisco plugs Unified Comms zero-day
- TorrentFreak
- 云鼎实验室
- 白帽子章华鹏
- Security Weekly Podcast Network (Audio)