[每日信息流] 2025-10-28 #1033
Description
每日安全资讯(2025-10-28)
- SecWiki News
- 奇安信攻防社区
- Tenable Blog
- 嘶吼 RoarTalk – 网络安全行业综合服务平台,4hou.com
- Private Feed for M09Ic
- kpcyrd contributed to actix/actix-net
- bolucat released 202510271935 at bolucat/Archive
- veo starred Darkrain2009/RedExt
- mgeeky starred gerardog/gsudo
- pmiaowu starred swisskyrepo/SSRFmap
- zema1 starred jackc/pgx
- timwhitez starred xbow-engineering/validation-benchmarks
- LoRexxar forked LoRexxar/phplist-plugin-restapi from phpList/phplist-plugin-restapi
- safedv starred 0xflux/Wyrm
- wuhan005 forked wuhan005/new-api from QuantumNous/new-api
- CHYbeta starred HKUDS/AI-Trader
- Rvn0xsy starred Flangvik/SharpCollection
- lz520520 starred moiz-2x/CVE-2025-24990_POC
- memN0ps starred leptos-rs/leptos
- Recent Commits to cve:main
- Doonsec's feed
- G.O.S.S.I.P 阅读推荐 2025-10-27 模棱两可之处见真章
- ForumTroll APT组织借浴火重生后的Hacking Team间谍软件加入网络战场
- NestJSDevTools存在远程命令执行漏洞CVE-2025-54782 附POC
- 意想不到的任意用户密码重置
- SecWiki周刊(第608期)
- 【渗透Tips】XXE高效Payload记录
- 强网拟态2025 WriteUP By N0wayBack
- 三季度报告:电科网安第三季度营收2.69亿,前三季度营收累计7.57亿,同比减少23.71%。
- 一场蓄谋2年的国家级APT攻击细节披露:加密技术成为隐藏武器
- 【工具分享】自动化生成文件上传数据包
- 网络安全公司想增长?先做 “品类迁徙”:从合规到业务需求,就看这几步(突围系列)
- 这破功能逼疯打工人——致远OA旧选人组件换新选人组件攻略
- 泛微OA E9 如何让多人协作填表时“各填各的”?——基于权限控制的精细化填报方案
- 微信封三天,刚好,无境靶场快上线了,快来看看吧!
- 【高危漏洞预警】Windows Cloud Files Filter Driver权限提升漏洞CVE-2025-55680
- 取证云上架首届“数证杯”参考题解,备赛党速看!
- 快手技术沙龙举办:生成式推荐系统如何重构搜推广?
- GeekCon 2025 回顾:我们的独家洞见与思考
- 三条命令完成Mac版微信4.0(及以上)双开
- 「智汇安全·洞见未来」——复旦大学计算与智能创新学院学科周论坛精彩回顾
- 为什么我给所有 Linux 服务器都上了全盘加密(LUKS)
- AI占比18%!央行2024年度金融科技发展奖这些AI项目最亮眼
- AI快讯:腾讯发布AI程序员Ada,我国实现机器人算法重大突破
- 270万!中银基金大模型应用基础建设项目,含:AI计算服务器、智能体平台软件
- BITs2CTF 2025报名开启!等你来战!
- 2025年“羊城杯”网络安全大赛决赛WP
- 一种基于PKI技术的汽车OTA安全升级方案
- 上汽通用五菱:智能网联汽车CAN总线信息安全测试方法
- 车联网供应链安全与合规培训课程 2025
- 等级保护标准体系再完善:六项新技术公安行标正式发布
- JavaScript嗅探器的新变化
- Fastjson2下的反序列化调用链完整过程
- 全国密评地图 | 国密局160家密评机构名单正式发布
- Dell Storage Manager 的严重漏洞让攻击者破坏系统
- 黑客利用 Windows Server Update Services RCE 漏洞
- 论文研读与思考|服务化控制信息传输架构与异常检测技术调研
- 第八届“强网”拟态防御国际精英挑战WP
- 请勿轻信低价骗局!Steam假入库灰产陷阱手法剖析
- 诚邀渠道合作伙伴共启新征程
- CXSECURITY Database RSS Feed - CXSecurity.com
- paper - Last paper
- GuidePoint Security
- Didier Stevens
- Malwarebytes
- Intigriti
- Securelist
- 黑海洋 - Wiki
- 安全分析与研究
- 威努特安全网络
- 看雪学苑
- 奇客Solidot–传递最新科技情报
- 腾讯玄武实验室
- 天黑说嘿话
- 安全内参
- 雷神众测
- 安全学术圈
- 奇安信威胁情报中心
- 代码卫士
- 网安志异
- 安全圈
- 丁爸 情报分析师的工具箱
- 中国信息安全
- 腾讯安全威胁情报中心
- 安全研究GoSSIP
- dotNet安全矩阵
- 长亭科技
- 奇安信 CERT
- 极客公园
- 数世咨询
- 情报分析师
- 安全牛
- 深信服千里目安全技术中心
- 复旦白泽战队
- 吴鲁加
- 迪哥讲事
- 安全419
- 字节跳动技术团队
- 360数字安全
- 赛博昆仑CERT
- ICT Security Magazine
- 京东安全应急响应中心
- CNVD漏洞平台
- 美团技术团队
- 希潭实验室
- SANS Internet Storm Center, InfoCON: green
- 安天AVL威胁情报中心
- IT Service Management News
- Securityinfo.it
- Over Security - Cybersecurity news aggregator
- Earth Estries alive and kicking
- US declines to join more than 70 countries in signing UN cybercrime treaty
- Google disputes false claims of massive Gmail data breach
- X: Re-enroll 2FA security keys by November 10 or get locked out
- Sweden’s power grid operator confirms data breach claimed by ransomware gang
- Ransomware profits drop as victims stop paying hackers
- Windows will soon prompt for memory scans after BSOD crashes
- Italian-made spyware spotted in breaches of Russian, Belarusian systems
- Cities reverse course on automated license plate reader cameras amid privacy concerns
- QNAP warns of critical ASP.NET flaw in its Windows backup software
- Italian spyware vendor linked to Chrome zero-day attacks
- Google says everyone will be able to vibe code video games
- What brain privacy will look like in the age of neurotech
- The State of Exposure Management in 2025: Insights From 3,000+ Organizations
- Microsoft: New policy removes pre-installed Microsoft Store apps
- Guerre di Rete - Dove è finita l'etichetta AI
- Post-Quantum Cryptography in 2025 – Migration Paths, Early Movers and CISO/RedTeam Impact
- NetExec – Network Execution Toolkit for Windows and Active Directory
- Reaper – Unified Application Security Testing with AI Support
- In corso uno smishing ai danni di Autostrade per l’Italia
- APT-C-60 Escalates SpyGlace Campaigns Targeting Japan with Evolved Malware, Advanced Evasion TTPs
- CISA orders feds to patch actively exploited Windows Server WSUS flaw
- From Human-Led to AI-Driven: Why Agentic AI Is Redefining Cybersecurity Strategy
- CISA releases warning about Windows Server Update Service bug, orders agencies to patch
- Compliance Checker: come funziona il tool europeo per valutare la conformità all’AI Act
- Dante, lo spyware italiano usato in campagne di cyberspionaggio
- Not found. Sign Up to RSS.app to use this feed.
- Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
- Se l’AI diventa una minaccia interna: Atlas e i rischi aziendali
- AI Act e la proposta di moratoria: in gioco è il modello europeo di governo del digitale
- Hackers steal Discord accounts with RedTiger-based infostealer
- Cosa insegnano Lynx e il Ransomware-as-a-Service (RaaS) in generale
- CERT-AGID 18–24 ottobre: phishing a tema PagoPA e Fascicolo Sanitario tra le campagne più insidiose
- NinjaFirewall and the General Data Protection Regulation (GDPR).
- Mem3nt0 mori – The Hacking Team is back!
- MyVidster (2025) - 3,864,364 breached accounts
- Uncovering Qilin attack methods exposed through multiple cases
- Troy Hunt's Blog
- Have I Been Pwned latest breaches
- Security Affairs
- Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.
- Crafted URLs can trick OpenAI Atlas into running dangerous commands
- Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD
- Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws
- The Hacker News
- X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts
- New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands
- ⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
- Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
- ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands
- TorrentFreak
- 网安国际
- Deeplinks
- The Register - Security
- WSUS attacks hit 'multiple' orgs as Google and other infosec sleuths ring Redmond’s alarm bell
- Iran's school for cyberspies could've used a few more lessons in preventing breaches
- You have one week to opt out or become fodder for LinkedIn AI training
- Researchers exploit OpenAI's Atlas by disguising prompts as URLs
- X says passkey reset isn't about a security issue – it's to finally kill off twitter.com
- Ex-CISA head thinks AI might fix code so fast we won't need security teams
- UN Cybercrime Treaty wins dozens of signatories, to go with its many critics
- Security Weekly Podcast Network (Audio)
- Schneier on Security
- Blaze's Security Blog