[每日信息流] 2025-12-10 #1077
Description
每日安全资讯(2025-12-10)
- SecWiki News
- paper - Last paper
- Private Feed for M09Ic
- bolucat released 202512091935 at bolucat/Archive
- Ridter starred QuantumNous/new-api
- Fplyth0ner-Combie starred whoisflynn/OSCP-Exam-Report-Template
- Mr-xn forked Mr-xn/AntiHub from AntiHub-Project/AntiHub
- zema1 contributed to zema1/suo5
- safedv starred bscript/rep
- niudaii starred usestrix/strix
- 4ra1n starred donlon/cloudflare-error-page
- Rvn0xsy starred vishvananda/netlink
- esrrhs starred FunAudioLLM/CosyVoice
- safedv starred hwbp/LazyHook
- PrefectHQ released 3.6.6.dev3 at PrefectHQ/prefect
- future-architect released v0.37.0 at future-architect/vuls
- CHYbeta starred zema1/suo5
- zema1 starred hwbp/CLR-Unhook
- esrrhs starred jaywalnut310/vits
- gh0stkey starred gitui-org/gitui
- pydantic released v1.28.0 at pydantic/pydantic-ai
- 先知安全技术社区
- Armin Ronacher's Thoughts and Writings
- CXSECURITY Database RSS Feed - CXSecurity.com
- Mbed TLS 3.6.4 Use-After-Free
- BigAnt Office Messenger 5.6.06 SQL Injection
- phpIPAM 1.5.1 SQL Injection
- Flask 3.0.0 CookApp - Multiple Unauthenticated RCE Vulnerabilities
- Flask 3.1.2 CookApp - Multiple - RCE-Unauthenticated-access
- XWiki Platform 15.10.10 Metasploit Module for Remote Code Execution (RCE)
- Doonsec's feed
- 积极参与投票
- Discord平台情报收集攻略
- 白话AI安全:32个故事带你读懂AI的攻防博弈(文末赠书)
- 【吃瓜】360拦截自己远控操作
- 分享的图片、视频、链接
- 葡萄牙更新网络犯罪法,可豁免安全研究人员
- 复习太难?我做了个刷题网站,效率直接翻3 倍!
- 农行研发中心社招人工智能平台与深度应用工程师
- 讯飞医疗658.79万中!农行晋城市分行晋城市人民医院“AI 智慧门诊”项目
- 如何发现 OpenAI Atlas的 OAuth泄漏漏洞
- 天地伟业Easy7 queryPassword接口存在任意文件读取漏洞 附POC
- 【2026最新】社工钓鱼工具推荐合集,红队必备
- APT37组织TMD强壳攻击样本分析
- 网络安全框架全景解读(下):攻防融合与持续防御体系
- 【转载】实施网络数据安全风险评估办法 加强国家网络数据安全能力建设
- 云手机Redroid Android13虚拟摄像头方案
- 服务器被境外IP疯狂爆破,看我怎么治他们?
- 反序列化远程代码执行漏洞-CVE-2025-55182-复现
- 【红楼梦】莫失莫忘,仙寿恒昌
- 网安原创文章推荐【2025/12/8】
- 【高危漏洞预警】n8n远程代码执行漏洞CVE-2025-65964
- 别再把网线插错了!跳线 vs 交叉线,一次说透
- 普华PMS GetFilesData sql注入
- 【漏洞检测脚本】Apache Tika XXE注入漏洞(CVE-2025-66516)
- 【安全工具速递】CVE-2025-55182 批量检测工具,支持一键RCE、内存马注入、反向shell等。
- 别等告警刷屏了!87%的未知APT,正在被这套AI架构精准捕获
- 四大赛道沉浸式竞技!2025智能机器人大赛圆满收官
- 中国软件评测中心获评全国总工会第二届职工数字化应用技术技能大赛突出贡献单位,助力福建省代表队摘得数据安全管理员竞赛团队第一名!
- 深度剖析:React Server Components安全漏洞CVE-2025-55182
- 【大话工控安全】工业控制系统行业知识:半导体行业
- 小米“零容忍”辞退9年老将背后:信息化监管正成为企业内控“鹰眼”
- 12月,警惕!国家级的网络间谍活动和全球性的高危漏洞攻击
- 自研C2【XC2】1.0.5版本发布,新增C++植入端【支持生成DLL】、新增Windows服务端、双端通信加密
- 外卖“新国标”重塑餐饮安全生态,学校食堂管理或将迎来智能化进阶?
- 【0day】致远OA再曝反序列化漏洞,速览
- 喜报!玲珑安全荣获“2025年信息通信网络安全管理员职业技能竞赛”团队赛二等奖
- Vulnhub靶场之Moneybox
- 可灵团队提出OmniSync:无限时长、强id保持、遮挡情况下强鲁棒性,视频口型编辑新突破!
- 本周发布行政令!特朗普重提限制各州AI监管
- 工信部通报24款存在侵害用户权益行为APP及SDK
- 【课程】取证进阶!电子数据调查分析技术(中级)培训在线启动
- 现在大厂Hr,招聘时挑选AI候选人是什么心态?
- DC-5 渗透测试WP
- 双 12 年末感恩庆典,正版软件优惠 6 折起
- 基础设施安全-网络安全
- 【AI安全】拆解 OWASP LLM Top 10 攻击架构图
- 多阶段攻击链深度解析:从JScript到双恶意软件的渗透路径
- 一次真实应急处置复盘
- 专题·漏洞生态 | 关键信息基础设施国产化产品漏洞治理挑战与生态共建路径探析
- 专家解读|王志成:实施网络数据安全风险评估办法 加强国家网络数据安全能力建设
- 关注 | 工信部通报24款存在侵害用户权益行为APP及SDK
- Tenable Blog
- Google Online Security Blog
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- 美团技术团队
- 奇安信攻防社区
- Microsoft Security Blog
- Recent Commits to cve:main
- Horizon3.ai
- Securelist
- Malwarebytes
- SentinelOne
- Intigriti
- Adam Caudill
- rtl-sdr.com
- 奇客Solidot–传递最新科技情报
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- 奇安信 CERT
- HackerNews
- 安全内参
- 腾讯玄武实验室
- 奇安信威胁情报中心
- 黑鸟
- 天黑说嘿话
- ChaMd5安全团队
- 威努特安全网络
- 腾讯安全威胁情报中心
- 信息安全国家工程研究中心
- 中国信息安全
- 看雪学苑
- 安全圈
- 安全学术圈
- dotNet安全矩阵
- 补天平台
- 数世咨询
- 默安科技
- 国家互联网应急中心CNCERT
- 代码卫士
- 嘶吼专业版
- 火绒安全
- 字节跳动安全中心
- 谛听ditecting
- 极客公园
- 迪哥讲事
- 安全牛
- TrustedSec
- Qualys Security Blog
- 安全产品人的赛博空间
- 安全419
- Arturo Di Corinto
- 360数字安全
- Securityinfo.it
- SEI Blog
- IT Service Management News
- 丁爸 情报分析师的工具箱
- SANS Internet Storm Center, InfoCON: green
- Over Security - Cybersecurity news aggregator
- Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities
- Microsoft Patch Tuesday, December 2025 Edition
- SAP fixes three critical vulnerabilities across multiple products
- California man pleads guilty to RICO charges as DOJ indicts crypto theft gang
- Competizione Ibrida e risposta multi-dominio: la riorganizzazione della Difesa nel Piano Crosetto
- Windows PowerShell now warns when running Invoke-WebRequest scripts
- Microsoft releases Windows 10 KB5071546 extended security update
- Windows 11 KB5072033 & KB5071417 cumulative updates released
- Fortinet warns of critical FortiCloud SSO login auth bypass flaws
- Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws
- Maintaining enterprise IT hygiene using Wazuh SIEM/XDR
- Ivanti warns of critical Endpoint Manager code execution flaw
- Khashoggi widow files complaint in France alleging Saudi government infected devices with spyware
- Spain arrests teen who stole 64 million personal data records
- North Korean hackers exploit React2Shell flaw in EtherRAT malware attacks
- Ransomware IAB abuses EDR for stealthy malware execution
- Seoul cyber investigators seize data, devices from ‘South Korea’s Amazon’ following data breach
- Il CISO come risk manager: dieci driver per mappare business e minacce
- Malware Analysis
- The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes
- New FvncBot Android banking trojan targets Poland | Intel 471
- Microsoft investigates Copilot outage affecting users in Europe
- Goodbye, dark Telegram: Blocks are pushing the underground out
- New BYOVD loader behind DeadLock ransomware attack
- Prima multa del Digital Services Act a X: la fine dell’illusione Muskiana?
- Track Evolving Cyber Threat Landscape for Your Industry & Country in Real Time
- Il punto cieco della NIS 2: l’articolo 24 del decreto e la sicurezza dei sistemi OT
- Quantum safety: la sicurezza finanziaria entra nell’era post-quantistica
- React2Shell: più di 160.000 indirizzi IP vulnerabili, oltre 30 organizzazioni già colpite
- Ransomware gangs turn to Shanya EXE packer to hide EDR killers
- Schneier on Security
- The Register - Security
- Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday
- How to answer the door when the AI agents come knocking
- Porsche panic in Russia as pricey status symbols forget how to car
- As humanoid robots enter the mainstream, security pros flag the risk of botnets on legs
- UK to Europe: The time to counter Russia's information war machine is now
- UK finally vows to look at 35-year-old Computer Misuse Act
- Whitehall rejects £1.8B digital ID price tag – but won't say what it will cost
- Researchers spot 700 percent increase in hypervisor ransomware attacks
- Graham Cluley
- Security Affairs
- ICT Security Magazine
- The Hacker News
- North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
- Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure
- Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading
- How to Streamline Zero Trust Using the Shared Signals Framework
- Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats
- STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
- Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
- Krebs on Security
- Instapaper: Unread
- Create a bootable external disk for Apple silicon Macs in Tahoe
- Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain
- Percezione, inazione e reazione. Come combattere nella battaglia (dis)informativa
- 193 cybercrims arrested, accused of plotting 'violence-as-a-service'
- TorrentFreak
- Security Weekly Podcast Network (Audio)