[每日信息流] 2025-12-12 #1079
Description
每日安全资讯(2025-12-12)
- SecWiki News
- paper - Last paper
- Tenable Blog
- LevelBlue Blog
- Recent Commits to cve:main
- Doonsec's feed
- 【网络安全】CORS跨域资源读取漏洞
- 某乎App最新X-Zse-96魔改AES白盒
- 友加畅捷管理系统GetZTList接口存在信息泄露漏洞 附POC
- 伪装的文件扩展名木马
- Nano Banana 用在网络安全面试上,offer拿到手软【国内免费】
- 逆天AI黑客--Strix
- 【从公开报告到私有神器】:如何通过漏洞报告制作字典
- Palantir的Ai技术被曝用于以色列在黎巴嫩的致命寻呼机任务
- 【高危漏洞预警】Gogs远程命令注入漏洞CVE-2025-8110
- 海莲花APT组织样本免杀技术分析
- 网空热点 AI安全 国家APT
- 官方内部资源帮你涨粉?起底专坑新主播的直播间“推流”骗局
- KaliGPT:你的AI自动化渗透测试专家,解决大模型"健忘症"!
- 【AI安全】智能体间协议(A2A)
- 基于TRAE Solo模式的安全开发之旅
- 【安全工具更新】CVE-2025-55182 批量检测工具,已适配哥斯拉内存马注入连接。
- 一道初一几何题
- 最近玩股票,闲来无事瞎扯一篇
- OpenAI重磅报告:AI技术已融入企业“核心生产流程”
- Windows Defender 防火墙服务漏洞
- Adobe Acrobat 阅读器存在允许攻击者执行任意代码漏洞
- 【大话工控安全】工业控制系统行业知识:市政行业-燃气
- 兴业银行被罚720万!
- API聚合黑科技:百万接口一键归并,准确率99.9%
- 【比赛转发】第三届“数信杯”数据安全大赛
- 解读ISO/IEC 27001
- AI 在泛前端领域的思考和实践-上篇
- CISSP年终大促即将结束!
- AAIA人工智能审计专家12月班开课倒计时!
- 鸿蒙生态首款TO B专属浏览器发布!360以AI能力推动政企生产力革命
- 共筑网络安全屏障 共探数字治理新路径——第34期无名论坛圆满落幕
- [译苑雅集Vol. 4]安全运营的 AI 化:五种变化定义 2025 年
- Private Feed for M09Ic
- PrefectHQ released 3.6.6 at PrefectHQ/prefect
- mgeeky starred breakfix/SharpSCOM
- bolucat released 202512111939 at bolucat/Archive
- WAY29 starred AperturePlus/augmented-codebase-indexer
- pydantic released v1.30.1 at pydantic/pydantic-ai
- mgeeky starred j4k0xb/webcrack
- OpenAEV-Platform released 2.0.6 at OpenAEV-Platform/openaev
- huoji120 starred Encryqed/Dumper-7
- PrefectHQ released 3.6.6.dev5 at PrefectHQ/prefect
- whwlsfb forked whwlsfb/MemShellParty from ReaJason/MemShellParty
- rabbitmask starred github/codeql
- Ridter forked Ridter/new-api from QuantumNous/new-api
- gh0stkey starred unclecode/crawl4ai
- Ridter forked Ridter/GodzillaNodeJsPayload from BeichenDream/GodzillaNodeJsPayload
- Ridter starred BeichenDream/CVE-2025-55182-GodzillaMemoryShell
- niudaii starred BeichenDream/GodzillaNodeJsPayload
- LloydLabs starred glaslos/tlsh
- pydantic released v1.30.0 at pydantic/pydantic-ai
- 安全客-有思想的安全新媒体
- Microsoft Security Blog
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Cerbero Blog
- Securelist
- Horizon3.ai
- The Trail of Bits Blog
- Hacking Dream
- VMRay
- NVISO Labs
- PortSwigger Blog
- Malwarebytes
- SentinelOne
- Wallarm
- 奇客Solidot–传递最新科技情报
- 黑海洋Wiki | Web开发工具包 | 网络安全攻防实战 | 区块链技术文档教程 - 免费资源平台
- HackerNews
- 黑鸟
- 青衣十三楼飞花堂
- 代码卫士
- 360漏洞云
- 威努特安全网络
- 微步在线研究响应中心
- 天黑说嘿话
- 安全内参
- 二道情报贩子
- 长亭安全应急响应中心
- 知道创宇404实验室
- 看雪学苑
- 安全研究GoSSIP
- 奇安信威胁情报中心
- 软件安全与逆向分析
- 奇安信 CERT
- 绿盟科技CERT
- 青藤云安全
- 补天平台
- 中国信息安全
- 信息安全国家工程研究中心
- 安全圈
- 安全学术圈
- 微步在线
- 安全牛
- 嘶吼专业版
- 数世咨询
- 美团安全应急响应中心
- 表图
- Tide安全团队
- 极客公园
- 360数字安全
- 谛听ditecting
- 阿里安全响应中心
- 迪哥讲事
- Over Security - Cybersecurity news aggregator
- Brave browser starts testing agentic AI mode for automated tasks
- Hackers exploit Gladinet CentreStack cryptographic flaw in RCE attacks
- Notepad++ fixes flaw that let attackers push malicious update files
- PreCrime Guarantee
- Malicious VSCode Marketplace extensions hid trojan in fake PNG file
- Federal agencies now only have one more day to patch React2Shell bug
- One newsletter to rule them all
- New 'DroidLock' malware demands a ransom, locks user out of device
- UK fines LastPass over 2022 data breach impacting 1.6 million users
- Microsoft bounty program now includes any flaw impacting its services
- Hackers reportedly breach developer involved with Russia’s military draft database
- Vulnerabilità zero-day in Chrome: Google rilascia una patch urgente, installiamola subito
- Announced pick for No. 2 at NSA won’t get the job as another candidate surfaces
- UK fines LastPass £1.2 million for data breach affecting 1.6 million people
- Patch Tuesday, Microsoft risolve una vulnerabilità già sfruttata e due zero-day
- AI is accelerating cyberattacks. Is your network prepared?
- New ConsentFix attack hijacks Microsoft accounts via Azure CLI
- Frodi via SMS: le strategie per contrastarle
- Inside BTMOB: An Analytical Breakdown of a Leaked Android RAT Ecosystem
- New NIS-2 Law in Germany Expands Cybersecurity Oversight and Introduces Heavy Fines
- Hackers exploit unpatched Gogs zero-day to breach 700 servers
- Social media e digital manager nella PA: una figura qualificante per la governance digitale
- From Lock Screen to Wallets: BTMOB RAT Now Targets Alipay PINs
- Hunting for Mythic in network traffic
- AI Sigma Rules: Scale Threat Detection, Drive Down MTTR
- Dati e strategie: verso i trend di cyber security per il 2026
- Microsoft fixes Windows Explorer white flashes in dark mode
- Data breach OpenAI e Mixpanel: quando il rischio nella supply chain diventa realtà
- Mandating Security by Design: Sekoia’s Blueprint for the EU Cyber Resilience Act
- Google fixes eighth Chrome zero-day exploited in attacks in 2025
- Fighting Credit Fraud in Uzbekistan: An Uphill Battle Against Social Engineering
- It didn’t take long: CVE-2025-55182 is now under active exploitation
- Google ads for shared ChatGPT, Grok guides push macOS infostealer malware
- Qualys Security Blog
- D3Lab
- Arturo Di Corinto
- 安全419
- ICT Security Magazine
- LIME e SHAP: intelligenza artificiale spiegabile per la security intelligence
- L’AI Factory italiana per l’autonomia digitale europea: la strategia di ACN presentata al Forum ICT Security 2025
- Resilienza IT/OT per la NIS2: dall’esperienza nel settore militare alla protezione delle infrastrutture critiche civili dalla vita reale alla cyber resilience
- Securityinfo.it
- IT Service Management News
- Schneier on Security
- Tails - News
- SANS Internet Storm Center, InfoCON: green
- Instapaper: Unread
- Tool 4n6pi - A lightweight, open source, forensic disk imager
- Tool Location log analysis of Google Maps IOS
- Mobile device hardening A forensic comparison of advanced protection programmes in IOS and Android
- NIS2 OBBLIGO e VERITA' quello che nessuno dice sulla cybersecurity aziendale - Andrea Goldoni
- BACKUP 3-2-1-0 La regola d'oro per dormire sonni tranquilli (forse) - Alessandro Raimondo - ItQuadro
- The Incident Adventure – La crisi è tua. Le scelte anche! - HackInBo® Business Edition Winter 2025
- Preserving evidence in the age of inactivity timers When time becomes the threat
- Tor Project blog
- TorrentFreak
- 云鼎实验室
- Trend Micro Research, News and Perspectives
- Graham Cluley
- Deeplinks
- The Hacker News
- ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
- NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
- The Impact of Robotic Process Automation (RPA) on Identity and Access Management
- WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
- Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
- Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
- Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution
- 白帽子章华鹏
- Security Affairs
- The Register - Security
- Russian hackers debut simple ransomware service, but store keys in plain text
- Google fixes super-secret 8th Chrome 0-day
- LastPass hammered with £1.2M fine for 2022 breach fiasco
- Researcher claims Salt Typhoon spies attended Cisco training scheme
- 10K Docker images spray live cloud creds across the internet
- Users report chaos as Legal Aid Agency stumbles back online after cyberattack
- Security Weekly Podcast Network (Audio)